Antivirus Pro2010


  • This topic is locked
18 replies to this topic

#1 thomaser

thomaser

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 28 September 2009 - 03:06 PM

Hi!

The last couple of days my computer has been infected with lots of spyware, foremost Antivirus Pro2010 and Total Security. I got rid of Total Security as far as I know. Also got rid of a couple of others, but I don't remember their names. Antivirus Pro2010 is still here, though, and I've tried just about everything.

I have Norton Internet Security Online (installed it after getting into this mess), Malwarebytes Anti-Malware, SuperAntiSpyware and a trial version of Spyware Doctor. They usually find Antivirus Pro2010 and remove it, but when I reboot it comes up again. Installing Norton helped make it a tad less obnoxious - it no longer creates fake pop-up boxes or desktop backgrounds. But it's still there!

According to the log in Norton, when the system starts up, a file called c:\windows\temp\bn1d.tmp modifies four resources:
- \REGISTRY\USER\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\mserv
- \REGISTRY\USER\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\svchost
- c:\documents and settings\localservice\programdata\seres.exe
- c:\documents and settings\localservice\programdata\svcst.exe

After that, the log says that C:\Programfiler\Antivirus_Pro2010\Antivirus_Pro2010.exe is trying to log onto the net, shortly followed by C:\Documents and Settings\LocalService\Programdata\lizkavd.exe. C:\Programfiler\Antivirus_Pro2010\Antivirus_Pro2010.exe then tries to gain access to processdata.

Seres.exe and Svcst.exe seem to be the same, and they always turn up quickly as processes in the task manager. The Antivirus Pro2010 process starts up shortly after. I can remove the Antivirus Pro2010 process, but not seres.exe and svcst.exe. If I do, they just come back at once. It is also usually impossible to delete their files, since their processes are always running. I have been able to delete them sometimes after running one or two of the antispyware-programs, but they return after rebooting.

I have tried following various guides in order to get rid of everything manually, but no matter how much I find and delete, both files and in the registry, seres.exe and svcst.exe always return at reboot and start up Antivirus Pro2010 again.

Here's the HiJackThis-log, directly after a reboot and before running any other scans:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:40, on 28.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe
C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\LocalService\Programdata\seres.exe
C:\Documents and Settings\LocalService\Programdata\svcst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tendo.no/edit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mimer.no:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Clean System Memory 120 Sec. After Startup] C:\Windows\system32\CleanMem.exe 120
O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Programfiler\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [mserv] C:\Documents and Settings\LocalService\Programdata\seres.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mserv] C:\Documents and Settings\LocalService\Programdata\seres.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Programfiler\Nokia\Ovi\Suite\RunLauncher.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Programfiler\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Download all by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206572371765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programfiler\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 13177 bytes
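
Added example (not part of the original post and not a BleepingComputer or HijackThis tool): a Python triage pass over HijackThis `O4` registry Run lines, flagging autoruns of the kind described in the post above. The three rules, the name list and the `c:\windows\` prefix are assumptions chosen for illustration, and the sample lines are a subset copied from the log above.

```python
import ntpath
import re
from typing import List, NamedTuple

# Subset of the O4 lines from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Programfiler\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [mserv] C:\Documents and Settings\LocalService\Programdata\seres.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mserv] C:\Documents and Settings\LocalService\Programdata\seres.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
"""

# File names the poster reports in this thread; not a general blocklist.
REPORTED_NAMES = {"seres.exe", "svcst.exe", "lizkavd.exe",
                  "antiviruspro_2010.exe", "antivirus_pro2010.exe"}

# Hives of service accounts and the default profile, as opposed to a logged-on user.
SERVICE_HIVES = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}

# Assumption: Windows lives in C:\WINDOWS, as it does in the log above.
WINDOWS_DIR = "c:\\windows\\"

O4_RUN = re.compile(
    r"^O4 - (?P<root>HK[A-Z]+)(?:\\(?P<sub>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
EXE_PATH = re.compile(r"^(.*?\.(?:exe|dll|scr|bat|com|pif|cmd))(?=[\s,]|$)", re.IGNORECASE)


class Finding(NamedTuple):
    hive: str
    name: str
    path: str
    reasons: tuple


def image_path(cmd: str) -> str:
    """Return the program part of a Run command line, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_PATH.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log: str) -> List[Finding]:
    """Flag registry Run entries worth a closer look; a lead, not a verdict."""
    findings = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder and other O4 forms are not handled here
        path = image_path(m["cmd"])
        norm = ntpath.normcase(path)
        reasons = []
        if ntpath.basename(norm) in REPORTED_NAMES:
            reasons.append("file name reported in the thread")
        if "\\documents and settings\\" in norm:
            reasons.append("runs from a profile directory")
        if m["sub"] in SERVICE_HIVES and not norm.startswith(WINDOWS_DIR):
            reasons.append("service/default hive autorun outside the Windows directory")
        if reasons:
            hive = m["root"] + ("\\" + m["sub"] if m["sub"] else "")
            findings.append(Finding(hive, m["name"], path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```
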



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:10 AM

Posted 15 October 2009 - 05:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 thomaser

thomaser
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 15 October 2009 - 06:16 PM

Thanks for the reply!

Norton seems to have taken care of most of the trouble, but Antivirus Pro2010 still randomly tries to install itself, along with a few other spyware-files and trojans. They seem to appear shortly after turning on the computer, but not always. Sometimes I get lots of attacks at once from various spyware, but it's been over two weeks since last time that happened, with 52 attacks in a short while on September 28th according to the Norton-logs. This month has been relatively quiet, with 7 safety-risks discovered so far. I cannot see anything wrong at the moment, and seres.exe and svcst.exe are nowhere to be seen.

Here are the dds-logs:

DDS (Ver_09-10-13.01) - NTFSx86
Run by Eier at 0:34:11,96 on 16.10.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1535.901 [GMT 2:00]

AV: Norton Internet Security Online *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programfiler\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Eier\Skrivebord\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tendo.no/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyServer = proxy.mimer.no:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\programfiler\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\programfiler\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\windows\downloaded program files\googletoolbar3.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programfiler\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programfiler\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Telenor Telenorhjelpen Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\programfiler\telenor\telenorhjelpen\IEFixItNowPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\programfiler\hewlett-packard\digital imaging\bin\HPDTLK02.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programfiler\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\windows\downloaded program files\googletoolbar3.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\programfiler\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\System32\browseui.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programfiler\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [swg] c:\programfiler\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\programfiler\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CamMonitor] c:\programfiler\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [HPHUPD05] c:\programfiler\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [StorageGuard] "c:\programfiler\fellesfiler\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Component Manager] "c:\programfiler\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Clean System Memory 120 Sec. After Startup] c:\windows\system32\CleanMem.exe 120
mRun: [Telenorhjelpen] "c:\programfiler\telenor\telenorhjelpen\Telenor.exe"
mRun: [NokiaMServer] c:\programfiler\fellesfiler\nokia\mplatform\NokiaMServer /watchfiles
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\programfiler\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programfiler\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\eier\start-~1\progra~1\oppstart\openof~1.lnk - c:\programfiler\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\acroba~1.lnk - c:\programfiler\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\adobeg~1.lnk - c:\programfiler\fellesfiler\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hpdigi~1.lnk - c:\programfiler\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hpimag~1.lnk - c:\programfiler\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\nokiao~1.lnk - c:\programfiler\nokia\ovi\suite\RunLauncher.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Add to Evernote - c:\programfiler\evernote\evernote3\enbar.dll/2000
IE: Download all by Net Transport - c:\programfiler\xi\nettransport 2\NTAddList.html
IE: Download by Net Transport - c:\programfiler\xi\nettransport 2\NTAddLink.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\programfiler\evernote\evernote3\enbar.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206572371765
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6CB5E471-C305-11D3-99A8-000086395495} - hxxp://toolbar.google.com/data/no/big/1.1.62-big/GoogleNav.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup144.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programfiler\fellesfiler\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programfiler\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\programfiler\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\programfiler\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programfiler\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-26 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-28 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-28 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-27 329080]
R1 SASDIFSV;SASDIFSV;c:\programfiler\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
R1 SASKUTIL;SASKUTIL;c:\programfiler\superantispyware\SASKUTIL.SYS [2008-2-29 74480]
R2 MSSQL$MAMUT;SQL Server (MAMUT);c:\programfiler\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528]
R2 Norton Internet Security;Norton Internet Security;c:\programfiler\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-28 117640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S2 TwonkyMedia;TwonkyMedia;c:\programfiler\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\programfiler\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 Chabad;Chabad;c:\windows\system32\drivers\imapi.sys [2003-9-1 42112]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\fellesfiler\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-27 102448]
S3 Pdcapsiselp;Pdcapsiselp; [x]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2003-8-8 24192]
S3 Rpc35naydncp;Rpc35naydncp; [x]
S3 SASENUM;SASENUM;c:\programfiler\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programfiler\spyware doctor\pctsAuxs.exe [2009-9-26 348752]
SUnknown Fdpddisitp;Fdpddisitp; [x]

=============== Created Last 30 ================

2009-10-13 13:14 <DIR> --d----- c:\programfiler\Amazon
2009-09-29 18:45 <DIR> --d-hr-- c:\documents and settings\eier\Siste
2009-09-28 21:36 <DIR> --d----- c:\programfiler\AntivirusPro_2010
2009-09-28 14:09 <DIR> --d-h--- c:\windows\PIF
2009-09-28 11:30 15,630 a------- c:\windows\system32\ybygipugux.exe
2009-09-28 11:30 15,528 a------- c:\windows\enefomu.bat
2009-09-28 11:30 15,113 a------- c:\windows\system32\zedirazyse.scr
2009-09-28 10:39 19,177 a------- c:\windows\system32\asimofedyz.inf
2009-09-27 23:50 <DIR> --d--r-- c:\programfiler\Norton Support
2009-09-27 23:23 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-09-27 23:23 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-27 23:23 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-27 23:23 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-27 23:23 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-27 23:23 <DIR> --d----- c:\programfiler\Symantec
2009-09-27 23:22 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-09-27 23:22 <DIR> --d----- c:\programfiler\Norton Internet Security
2009-09-27 23:22 <DIR> --d----- c:\docume~1\alluse~1\progra~1\Norton
2009-09-27 23:22 <DIR> --d----- c:\programfiler\NortonInstaller
2009-09-27 23:22 <DIR> --d----- c:\docume~1\alluse~1\progra~1\NortonInstaller
2009-09-27 19:56 15,063 a------- c:\windows\system32\odivonu.db
2009-09-27 19:56 14,273 a------- c:\programfiler\fellesfiler\myhet.pif
2009-09-27 19:56 12,639 a------- c:\windows\system32\xabewowu.sys
2009-09-27 19:56 11,386 a------- c:\windows\system32\ruwugebyqi.bat
2009-09-27 19:49 <DIR> --d----- c:\documents and settings\eier\log
2009-09-27 18:55 18,822 a------- c:\programfiler\fellesfiler\fuguty.sys
2009-09-27 18:55 11,822 a------- c:\windows\system32\ofule.inf
2009-09-26 23:50 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-26 23:50 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-26 23:50 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-26 23:50 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-26 23:50 <DIR> --d----- c:\programfiler\fellesfiler\PC Tools
2009-09-26 23:49 <DIR> --d----- c:\programfiler\Spyware Doctor
2009-09-26 23:49 <DIR> --d----- c:\docume~1\eier\progra~1\PC Tools
2009-09-26 23:49 <DIR> --d----- c:\docume~1\alluse~1\progra~1\PC Tools
2009-09-26 23:48 <DIR> --d----- c:\docume~1\eier\progra~1\GetRightToGo
2009-09-26 23:45 42,368 ac------ c:\windows\system32\dllcache\agp440.sys

==================== Find3M ====================

2009-09-28 10:39 11,886 a------- c:\programfiler\fellesfiler\amoquwaz._sy
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-09 03:11 492,006 a------- c:\windows\system32\perfh014.dat
2009-08-09 03:11 97,822 a------- c:\windows\system32\perfc014.dat
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-01-13 16:22 2,697,168 a------- c:\programfiler\mbam-setup.exe
2008-05-13 12:23 69,848 a------- c:\docume~1\eier\progra~1\GDIPFONTCACHEV1.DAT
2003-08-08 17:46 32 a--sh--- c:\windows\{7AFA3503-DFBF-47F8-AAEA-96B3606B7C50}.dat
2004-01-31 00:01 32 a--sh--- c:\windows\{B82F55F4-EB44-4584-A8E1-68C96709FD11}.dat
2003-08-08 17:46 32 a--sh--- c:\windows\system32\{6F59107F-EC77-4DAD-B912-D9B06983AA1F}.dat
2004-01-31 00:01 32 a--sh--- c:\windows\system32\{D8E827C3-8942-4323-8DE0-72456D2E1E0F}.dat

============= FINISH: 0:34:50,86 ===============




#4 myrti


Posted 20 October 2009 - 12:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please also run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 thomaser


Posted 23 October 2009 - 06:18 PM

OTL.txt

OTL logfile created on: 24.10.2009 01:06:08 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Eier\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 51,29% Memory free
2,11 Gb Paging File | 1,30 Gb Available in Paging File | 61,64% Paging File free
Paging file location(s): C:\pagefile.sys 768 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 109,42 Gb Total Space | 77,97 Gb Free Space | 71,26% Space Free | Partition Type: NTFS
Drive D: | 5,07 Gb Total Space | 0,70 Gb Free Space | 13,74% Space Free | Partition Type: FAT32
Drive E: | 479,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 584,14 Gb Total Space | 389,34 Gb Free Space | 66,65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-HJEMME
Current User Name: Eier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.10.24 01:05:34 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
PRC - [2009.09.05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Programfiler\QuickTime\QTTask.exe
PRC - [2009.08.28 13:13:02 | 00,832,808 | ---- | M] (Opera Software) -- C:\Programfiler\Opera\Opera.exe
PRC - [2009.08.26 02:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009.07.25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jusched.exe
PRC - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe
PRC - [2009.06.25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.06.02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.05.28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.05.26 12:01:18 | 00,184,320 | ---- | M] (Telenor) -- C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe
PRC - [2009.04.23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.exe
PRC - [2009.03.30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.03.11 14:52:26 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Programfiler\iTunes\iTunesHelper.exe
PRC - [2009.03.11 14:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe
PRC - [2009.03.06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.12.12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe
PRC - [2008.07.17 12:42:44 | 01,011,712 | ---- | M] () -- C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe
PRC - [2008.04.14 18:22:49 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007.12.21 04:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007.08.09 09:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007.05.18 22:49:13 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.05.08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006.08.09 12:49:58 | 00,557,056 | ---- | M] () -- C:\Programfiler\Last.fm\LastFM.exe
PRC - [2005.10.14 12:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.09.30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Programfiler\Canon\CAL\CALMAIN.exe
PRC - [2005.02.02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2005.01.12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004.05.29 00:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
PRC - [2004.05.28 23:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2003.10.24 06:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003.05.23 02:58:46 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon05.exe
PRC - [2003.04.03 20:35:38 | 00,050,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2002.10.07 07:23:20 | 00,090,112 | ---- | M] () -- C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
PRC - [1998.05.07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.08.26 02:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009.07.22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2009.06.02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2009.03.11 14:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009.03.06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009.01.07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2008.12.12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008.07.29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008.07.29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008.07.29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008.07.25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008.07.25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008.07.09 16:03:48 | 00,102,400 | ---- | M] (PacketVideo) -- C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia [Auto | Stopped])
SRV - [2008.04.14 18:22:17 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007.12.21 04:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007.12.20 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2007.11.15 22:30:48 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Programfiler\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2007.08.09 09:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007.02.14 23:47:14 | 00,138,168 | ---- | M] (Google) -- C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2006.10.18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005.10.14 12:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MAMUT [Auto | Running])
SRV - [2005.10.14 12:51:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2005.10.14 12:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005.10.14 04:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2005.09.30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Programfiler\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2004.10.22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004.09.08 15:14:52 | 00,068,096 | ---- | M] () -- C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2003.10.13 16:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Programfiler\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [On_Demand | Stopped])
SRV - [2003.05.02 23:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009.09.28 02:20:42 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009.09.28 02:20:00 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009.09.27 10:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091023.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009.09.27 10:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009.09.27 10:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009.09.27 10:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091023.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009.09.11 19:49:50 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2009.08.26 02:09:10 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009.08.26 02:09:10 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009.08.26 02:09:10 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009.08.26 02:09:10 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2009.08.26 02:09:10 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009.08.26 02:09:10 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009.08.26 02:09:10 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009.08.26 02:09:10 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009.08.26 02:08:51 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009.08.26 02:08:51 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009.08.13 07:04:05 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009.05.01 14:47:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009.04.03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2009.02.21 02:24:00 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2009.01.15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008.08.26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2008.04.13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007.12.21 05:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007.11.15 22:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2007.03.08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006.02.16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2005.12.12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2005.10.22 07:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005.10.21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005.10.21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004.08.04 07:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004.08.04 07:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])
DRV - [2003.08.11 13:22:54 | 00,040,228 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
DRV - [2003.07.01 00:05:36 | 00,756,444 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2003.05.21 23:33:30 | 00,196,352 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003.05.21 23:32:32 | 00,631,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003.05.21 23:31:22 | 01,063,040 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003.05.09 10:16:58 | 00,331,392 | ---- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\Cap7134.sys -- (Cap7134 [On_Demand | Stopped])
DRV - [2003.05.06 15:34:56 | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
DRV - [2003.04.28 22:33:28 | 00,024,192 | ---- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\PhTVTune.sys -- (PhTVTune [On_Demand | Stopped])
DRV - [2003.04.15 17:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003.04.15 17:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
DRV - [2003.04.15 17:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2003.04.11 08:51:30 | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys -- (SiSkp [System | Running])
DRV - [2003.04.09 21:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2003.03.19 22:51:00 | 00,018,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2003.02.20 16:18:36 | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2002.12.27 11:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2002.11.15 04:15:00 | 00,012,640 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Stopped])
DRV - [2002.11.08 11:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2002.11.08 11:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
DRV - [2002.10.30 16:14:50 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002.10.04 17:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2002.10.01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])

========== Modules (SafeList) ==========

MOD - [2009.10.24 01:05:34 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
MOD - [2009.08.26 02:09:06 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\PROGRAMFILER\NORTON INTERNET SECURITY\ENGINE\16.7.2.11\ASOEHOOK.DLL
MOD - [2008.04.14 18:19:05 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tendo.no/edit
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\S-1-5-21-2486099585-3324090725-2328671551-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\S-1-5-21-2486099585-3324090725-2328671551-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\S-1-5-21-2486099585-3324090725-2328671551-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.mimer.no:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programfiler\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.03 23:29:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 03:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programfiler\Java\jre6\lib\deploy\jqs\ff [2009.06.08 23:22:40 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Telenor Telenorhjelpen Plugin) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll (Telenor)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CamMonitor] c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [Clean System Memory 120 Sec. After Startup] C:\WINDOWS\System32\CleanMem.exe (PCWinTech.com)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programfiler\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [StorageGuard] C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Telenorhjelpen] C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe (Telenor)
O4 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003..\Run: [NVIEW] C:\WINDOWS\System32\nview.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003..\Run: [PC Suite Tray] C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Acrobat Assistant.lnk = C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Nokia Ovi Suite.lnk = C:\Programfiler\Nokia\Ovi\Suite\RunLauncher.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Default User\Start-meny\Programmer\Oppstart\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\OpenOffice.org 3.1.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add to Evernote - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Download all by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddList.html File not found
O8 - Extra context menu item: Download by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddLink.html File not found
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1206572371765 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup144.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programfiler\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.08.08 11:11:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.07.27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.10 12:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003.04.12 10:05:00 | 00,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - File not found - -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,675 | R--- | M] () - E:\auto-ar.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,028 | R--- | M] () - E:\auto-cs.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,953 | R--- | M] () - E:\auto-da.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,789 | R--- | M] () - E:\auto-de.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,926 | R--- | M] () - E:\auto-en.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,701 | R--- | M] () - E:\auto-es.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,054 | R--- | M] () - E:\auto-fi.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,090 | R--- | M] () - E:\auto-fr.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,776 | R--- | M] () - E:\auto-hu.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,737 | R--- | M] () - E:\auto-it.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,609 | R--- | M] () - E:\auto-ja.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,092 | R--- | M] () - E:\auto-ko.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,928 | R--- | M] () - E:\auto-nl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,898 | R--- | M] () - E:\auto-no.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,645 | R--- | M] () - E:\auto-pl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,571 | R--- | M] () - E:\auto-pt.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,052 | R--- | M] () - E:\auto-ro.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,004,026 | R--- | M] () - E:\auto-ru.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,850 | R--- | M] () - E:\auto-sc.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,948 | R--- | M] () - E:\auto-sk.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,750 | R--- | M] () - E:\auto-sl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,002,980 | R--- | M] () - E:\auto-sv.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 08:45:26 | 00,003,718 | R--- | M] () - E:\auto-tc.html -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002.09.10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009.09.27 23:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Norton
[2009.09.27 23:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\NortonInstaller
[2009.09.26 23:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\PC Tools
[2009.09.26 23:50:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\TEMP
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files]
[2009.09.26 23:48:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eier\Programdata\GetRightToGo
[2009.09.26 23:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eier\Programdata\PC Tools
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files]
[2009.09.26 23:50:06 | 00,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\PC Tools
[2009.10.13 13:14:46 | 00,000,000 | ---D | C] -- C:\Programfiler\Amazon
[2009.09.28 21:36:49 | 00,000,000 | ---D | C] -- C:\Programfiler\AntivirusPro_2010
[2009.09.27 23:22:44 | 00,000,000 | ---D | C] -- C:\Programfiler\Norton Internet Security
[2009.09.27 23:50:52 | 00,000,000 | R--D | C] -- C:\Programfiler\Norton Support
[2009.09.27 23:22:36 | 00,000,000 | ---D | C] -- C:\Programfiler\NortonInstaller
[2009.10.07 22:07:14 | 00,000,000 | ---D | C] -- C:\Programfiler\QuickTime
[2009.09.26 23:49:59 | 00,000,000 | ---D | C] -- C:\Programfiler\Spyware Doctor
[2009.09.27 23:23:18 | 00,000,000 | ---D | C] -- C:\Programfiler\Symantec
[2009.09.27 23:22:44 | 00,000,000 | ---D | C] -- C:\Programfiler\Windows Sidebar
[2009.10.24 01:05:32 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
[2009.09.28 14:09:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.09.28 02:20:40 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symtdi.sys
[2009.09.28 02:20:40 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndisv.sys
[2009.09.28 02:20:40 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndis.sys
[2009.09.28 02:20:39 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.sys
[2009.09.28 02:20:39 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.sys
[2009.09.28 02:20:39 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symfw.sys
[2009.09.28 02:20:39 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.sys
[2009.09.28 02:20:39 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symids.sys
[2009.09.28 02:20:38 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
[2009.09.28 02:20:00 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009.09.28 02:19:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009.09.27 23:23:31 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009.09.27 23:23:18 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009.09.27 23:23:18 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009.09.27 23:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009.09.27 19:54:03 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.09.27 19:54:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.09.27 19:54:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.09.26 23:50:33 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009.09.26 23:50:13 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009.09.26 23:50:13 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009.09.26 23:50:06 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009.09.26 23:45:45 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009.01.13 16:21:56 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Programfiler\mbam-setup.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files]
[2009.10.24 01:06:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2009.10.24 01:05:34 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
[2009.10.22 13:38:45 | 00,001,405 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009.10.22 13:38:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.22 13:38:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.22 13:38:19 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009.10.22 13:36:47 | 13,916,256 | -H-- | M] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\IconCache.db
[2009.10.21 10:46:01 | 00,806,568 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009.10.16 01:01:07 | 01,143,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.16 01:01:07 | 00,492,006 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2009.10.16 01:01:07 | 00,489,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.16 01:01:07 | 00,097,822 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2009.10.16 01:01:07 | 00,089,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.16 00:56:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.10.09 20:38:41 | 07,930,735 | ---- | M] () -- C:\Documents and Settings\Eier\Skrivebord\N904421.xml
[2009.10.07 22:07:33 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\QuickTime Player.lnk
[2009.10.06 22:49:21 | 00,139,116 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 Wii-spill.csv
[2009.10.06 21:27:45 | 00,210,251 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 DS-spill.csv
[2009.10.04 22:56:55 | 00,000,474 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\test.csv
[2009.10.04 00:58:42 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke test.csv
[2009.10.03 01:35:54 | 00,135,447 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40[1].csv
[2009.10.02 20:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009.10.01 17:57:21 | 00,011,915 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40[2].csv
[2009.09.28 11:30:55 | 00,019,890 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\tinyz.bin
[2009.09.28 11:30:55 | 00,015,630 | ---- | M] () -- C:\WINDOWS\System32\ybygipugux.exe
[2009.09.28 11:30:55 | 00,015,528 | ---- | M] () -- C:\WINDOWS\enefomu.bat
[2009.09.28 11:30:55 | 00,015,113 | ---- | M] () -- C:\WINDOWS\System32\zedirazyse.scr
[2009.09.28 11:30:55 | 00,012,269 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\vapujo.lib
[2009.09.28 10:39:49 | 00,019,866 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\hogezi.bat
[2009.09.28 10:39:49 | 00,019,177 | ---- | M] () -- C:\WINDOWS\System32\asimofedyz.inf
[2009.09.28 10:39:49 | 00,013,905 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\ehiguk.inf
[2009.09.28 10:39:49 | 00,013,426 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\alejyno.sys
[2009.09.28 10:39:49 | 00,011,886 | ---- | M] () -- C:\Programfiler\Fellesfiler\amoquwaz._sy
[2009.09.28 10:39:49 | 00,010,018 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\ajawybu.dll
[2009.09.28 10:38:19 | 00,001,975 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Norton Internet Security.lnk
[2009.09.28 02:20:42 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009.09.28 02:20:42 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009.09.28 02:20:42 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009.09.28 02:20:42 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009.09.28 02:20:00 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009.09.28 02:19:54 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009.09.28 02:19:54 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009.09.28 02:19:54 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009.09.27 19:56:09 | 00,017,474 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\apezugubex._dl
[2009.09.27 19:56:09 | 00,015,225 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\xuxecyvege.sys
[2009.09.27 19:56:09 | 00,015,063 | ---- | M] () -- C:\WINDOWS\System32\odivonu.db
[2009.09.27 19:56:09 | 00,014,273 | ---- | M] () -- C:\Programfiler\Fellesfiler\myhet.pif
[2009.09.27 19:56:09 | 00,014,158 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\upyzo.sys
[2009.09.27 19:56:09 | 00,012,639 | ---- | M] () -- C:\WINDOWS\System32\xabewowu.sys
[2009.09.27 19:56:09 | 00,012,147 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\udonaf.vbs
[2009.09.27 19:56:09 | 00,011,386 | ---- | M] () -- C:\WINDOWS\System32\ruwugebyqi.bat
[2009.09.27 19:50:52 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\housecall.guid.cache
[2009.09.27 18:55:45 | 00,018,822 | ---- | M] () -- C:\Programfiler\Fellesfiler\fuguty.sys
[2009.09.27 18:55:45 | 00,011,822 | ---- | M] () -- C:\WINDOWS\System32\ofule.inf

========== Files - No Company Name ==========
[2009.10.16 00:50:08 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009.10.09 20:38:41 | 07,930,735 | ---- | C] () -- C:\Documents and Settings\Eier\Skrivebord\N904421.xml
[2009.10.07 22:07:32 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\QuickTime Player.lnk
[2009.10.05 00:53:49 | 00,210,251 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 DS-spill.csv
[2009.10.04 22:49:33 | 00,000,474 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\test.csv
[2009.10.04 02:08:59 | 00,139,116 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 Wii-spill.csv
[2009.10.04 00:58:39 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke test.csv
[2009.10.01 22:00:41 | 00,135,447 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40[1].csv
[2009.09.29 22:29:41 | 00,011,915 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40[2].csv
[2009.09.28 11:30:55 | 00,019,890 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\tinyz.bin
[2009.09.28 11:30:55 | 00,015,630 | ---- | C] () -- C:\WINDOWS\System32\ybygipugux.exe
[2009.09.28 11:30:55 | 00,015,528 | ---- | C] () -- C:\WINDOWS\enefomu.bat
[2009.09.28 11:30:55 | 00,015,113 | ---- | C] () -- C:\WINDOWS\System32\zedirazyse.scr
[2009.09.28 11:30:55 | 00,012,269 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\vapujo.lib
[2009.09.28 10:39:49 | 00,019,866 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\hogezi.bat
[2009.09.28 10:39:49 | 00,019,177 | ---- | C] () -- C:\WINDOWS\System32\asimofedyz.inf
[2009.09.28 10:39:49 | 00,013,905 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\ehiguk.inf
[2009.09.28 10:39:49 | 00,013,426 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\alejyno.sys
[2009.09.28 10:39:49 | 00,011,886 | ---- | C] () -- C:\Programfiler\Fellesfiler\amoquwaz._sy
[2009.09.28 10:39:49 | 00,010,018 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\ajawybu.dll
[2009.09.28 10:38:45 | 00,806,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009.09.28 10:38:19 | 00,001,975 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Norton Internet Security.lnk
[2009.09.28 02:20:40 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.cat
[2009.09.28 02:20:40 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.inf
[2009.09.28 02:20:39 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.cat
[2009.09.28 02:20:39 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.cat
[2009.09.28 02:20:39 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.cat
[2009.09.28 02:20:39 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.cat
[2009.09.28 02:20:39 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.inf
[2009.09.28 02:20:39 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.inf
[2009.09.28 02:20:39 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.inf
[2009.09.28 02:20:39 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.inf
[2009.09.28 02:20:38 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
[2009.09.28 02:20:38 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
[2009.09.28 02:19:54 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009.09.28 02:19:54 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009.09.28 02:19:54 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009.09.27 23:23:18 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009.09.27 23:23:18 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009.09.27 23:12:23 | 16,100,10624 | -HS- | C] () -- C:\hiberfil.sys
[2009.09.27 19:56:09 | 00,017,474 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\apezugubex._dl
[2009.09.27 19:56:09 | 00,015,225 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\xuxecyvege.sys
[2009.09.27 19:56:09 | 00,015,063 | ---- | C] () -- C:\WINDOWS\System32\odivonu.db
[2009.09.27 19:56:09 | 00,014,273 | ---- | C] () -- C:\Programfiler\Fellesfiler\myhet.pif
[2009.09.27 19:56:09 | 00,014,158 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\upyzo.sys
[2009.09.27 19:56:09 | 00,012,639 | ---- | C] () -- C:\WINDOWS\System32\xabewowu.sys
[2009.09.27 19:56:09 | 00,012,147 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenter\udonaf.vbs
[2009.09.27 19:56:09 | 00,011,386 | ---- | C] () -- C:\WINDOWS\System32\ruwugebyqi.bat
[2009.09.27 19:50:52 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\housecall.guid.cache
[2009.09.27 18:55:45 | 00,018,822 | ---- | C] () -- C:\Programfiler\Fellesfiler\fuguty.sys
[2009.09.27 18:55:45 | 00,011,822 | ---- | C] () -- C:\WINDOWS\System32\ofule.inf
[2008.07.07 15:08:36 | 00,002,210 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008.07.07 14:48:14 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.13 12:23:55 | 00,069,848 | ---- | C] () -- C:\Documents and Settings\Eier\Programdata\GDIPFONTCACHEV1.DAT
[2008.03.23 22:00:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008.02.04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.07.30 10:55:52 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007.03.29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.02.03 22:43:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.02.24 22:13:37 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\Util.dll
[2005.02.24 22:13:37 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\VideoLib.dll
[2005.02.24 22:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityFRA.dll
[2005.02.24 22:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityESP.dll
[2005.02.24 22:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityENG.dll
[2005.02.24 22:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityDEU.dll
[2005.02.24 22:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityCZE.dll
[2005.02.24 22:13:37 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ToolUtil.dll
[2005.02.24 22:13:36 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2005.02.24 22:13:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AudioLib.dll
[2004.10.10 21:31:54 | 00,000,049 | ---- | C] () -- C:\WINDOWS\accgnat.ini
[2004.10.10 21:31:44 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\stdsoap2.dll
[2004.01.27 23:37:43 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004.01.09 21:31:17 | 00,196,608 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.01.06 23:00:30 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2003.08.09 23:17:29 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003.08.09 23:17:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003.08.08 19:59:08 | 00,000,498 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.08.08 19:58:46 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2003.08.08 19:58:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003.08.08 18:02:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.08.08 18:01:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003.08.08 14:09:27 | 00,023,128 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003.08.08 14:08:45 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003.08.08 14:08:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003.08.08 13:57:27 | 00,000,461 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.08.08 13:47:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2003.08.08 13:47:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2003.08.08 13:47:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2003.08.08 13:47:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2003.08.08 13:47:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2003.08.08 13:47:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2003.08.08 13:41:07 | 00,079,488 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2003.08.08 13:41:01 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\fusioncache.dat
[2003.08.08 13:14:31 | 00,004,930 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\hpzinstall.log
[2003.08.08 12:59:35 | 00,003,544 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.08.08 12:26:24 | 13,916,256 | -H-- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\IconCache.db
[2003.08.08 12:20:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003.08.08 12:20:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003.08.08 12:19:52 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003.08.08 12:02:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Programdata\desktop.ini
[2003.08.08 11:15:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eier\Programdata\desktop.ini
[2003.06.23 18:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002.05.24 08:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002.05.24 08:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.03.02 04:10:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
< End of report >

----

Extras.txt

OTL Extras logfile created on: 24.10.2009 01:06:09 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Eier\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 51,29% Memory free
2,11 Gb Paging File | 1,30 Gb Available in Paging File | 61,64% Paging File free
Paging file location(s): C:\pagefile.sys 768 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 109,42 Gb Total Space | 77,97 Gb Free Space | 71,26% Space Free | Partition Type: NTFS
Drive D: | 5,07 Gb Total Space | 0,70 Gb Free Space | 13,74% Space Free | Partition Type: FAT32
Drive E: | 479,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 584,14 Gb Total Space | 389,34 Gb Free Space | 66,65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-HJEMME
Current User Name: Eier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Programfiler\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programfiler\Adobe\Adobe GoLive CS\GoLive.exe" "%1" (Adobe Systems Incorporated)
htmlfile [open] -- "C:\Programfiler\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programfiler\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programfiler\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Programfiler\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programfiler\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programfiler\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programfiler\Last.fm\LastFM.exe" = C:\Programfiler\Last.fm\LastFM.exe:*:Enabled:LastFM -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- (PacketVideo)
"C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- ()
"C:\Programfiler\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programfiler\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programfiler\Fellesfiler\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programfiler\Fellesfiler\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programfiler\Bonjour\mDNSResponder.exe" = C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programfiler\iTunes\iTunes.exe" = C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{035A0014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard - WE 2003
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Programvare
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098637A9-C208-4398-8374-853151D35200}" = SkinsHP2
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BA6B649-579C-4C8B-8B2D-9DD0A75E6E40}" = Nokia Photos
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CFF0BFE-B750-4ECA-882D-03B8C6A9F26A}" = Nokia Ovi Content Copier
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{11946FA8-329A-4DDF-B867-A32781FED8EE}" = HPImageZone
"{12808370-8A8B-4A0A-8A96-385C309A58D6}" = InterVideo Home Theater
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1933FE45-AF8D-482D-9BC7-5F651BBF0A4F}" = Nokia Ovi System Utilities
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MAMUT)
"{2BAB23B0-70CE-4E7C-85B4-36154482CD57}" = Nokia Ovi Suite
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EAC35F4-FF26-4123-9404-0B5B93DAB570}" = Microsoft .NET Framework 1.1 Norwegian Language Pack
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{42948B02-7191-40CF-92AA-4E330869B28B}" = HPIZ Fix2
"{42E90AD2-1D4C-4163-BB9A-06C395623C94}" = Microsoft Works 7.0
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5AD92ED9-5C88-46B1-AA65-E46A459E7C60}" = iPod Updater 2004-07-15
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}" = Intellex Player
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CEC5DEA-44D1-4C56-978E-56BFD84AF10D}" = Nokia Ovi One Touch Access
"{6E448242-1967-4470-A3F5-FFB62B341D8F}" = 2600
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}" = 2600_Help
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}" = InterVideo WinDVRX
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A790D33-7B42-4D82-8695-F912A7E0A94C}" = Telenorhjelpen
"{911B0414-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}" = 2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B55690B9-756E-41C6-8418-84AB04A5A605}" = Nokia Ovi Music Manager
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9266252-00CB-4140-B740-DE88FC0F7609}" = hpmdtab
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353C323-5E95-4873-9825-9FEC1C8A3794}" = Nokia Download!
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DAC63ECB-4571-435F-9B19-51F54BC88109}" = Nokia Home Media Server
"{E3C02B6C-A6CF-464F-BD15-ECFF456C3677}" = InterVideo Teletext Epg Scanner
"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{FC762E57-B09D-41AE-AA5F-3DAC3CBE453E}" = Nokia Ovi Application Installer
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Avinstalleringsverktøy for Programvaren
"AntivirusPro_2010" = Antivirus Pro 2010
"ATI Display Driver" = ATI Display Driver
"Avento CMS Uploader" = Avento CMS Uploader 1.0
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"CleanMem1.2" = CleanMem
"CSCLIB" = Canon Camera Support Core Library
"Defraggler" = Defraggler (remove only)
"DivX Codec" = Remove DivX Codec
"DivX Player" = DivX Player
"DPP" = Canon Utilities Digital Photo Professional 2.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-driverpakke - Nokia Modem (06/01/2009 4.1)
"EOS Utility" = Canon Utilities EOS Utility
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-driverpakke - Nokia Modem (06/01/2009 7.01.0.3)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{5AD92ED9-5C88-46B1-AA65-E46A459E7C60}" = iPod Updater 2004-07-15
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Java Web Start" = Java Web Start
"LastFM_is1" = Last.fm 1.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3008
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3008
"Nokia Ovi Music Manager" = Nokia Ovi Music Manager 6.85.3008
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3008
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3008
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RescuePRO-3.0" = RescuePRO 3.2
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Shockwave" = Shockwave
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 6.1
"Telenorhjelpen" = Telenorhjelpen
"TelenorSikkerLagring_is1" = Telenor Sikker Lagring (2.3.242)
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"Warp Pipe" = Warp Pipe Beta
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Werkkzeug1" = Werkkzeug1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Startprogram for installasjon av Works 2003
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"myVRnpapi" = Sesam Kart 3D NPAPI Viewer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.09.2009 19:29:59 | Computer Name = THOMAS-HJEMME | Source = MSSQL$MAMUT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Ugyldig referanse.)
occurred while creating or opening file 'C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 27.09.2009 19:30:10 | Computer Name = THOMAS-HJEMME | Source = MSSQL$MAMUT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Ugyldig referanse.)
occurred while creating or opening file 'C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\model.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 27.09.2009 19:30:10 | Computer Name = THOMAS-HJEMME | Source = MSSQL$MAMUT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Ugyldig referanse.)
occurred while creating or opening file 'C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\MSDBData.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 27.09.2009 19:30:19 | Computer Name = THOMAS-HJEMME | Source = MSSQL$MAMUT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Ugyldig referanse.)
occurred while creating or opening file 'C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 27.09.2009 19:30:20 | Computer Name = THOMAS-HJEMME | Source = MSSQL$MAMUT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Ugyldig referanse.)
occurred while creating or opening file 'C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 28.09.2009 04:40:23 | Computer Name = THOMAS-HJEMME | Source = MsiInstaller | ID = 11706
Description = Produkt: Nokia Photos -- Feil 1706. Finner ikke en installasjonspakke
for produktet Nokia Photos. Prøv å installere på nytt ved hjelp av en gyldig kopi
av installasjonspakken Nokia Photos.msi.

Error - 28.09.2009 05:29:02 | Computer Name = THOMAS-HJEMME | Source = MsiInstaller | ID = 11706
Description = Produkt: Nokia Photos -- Feil 1706. Finner ikke en installasjonspakke
for produktet Nokia Photos. Prøv å installere på nytt ved hjelp av en gyldig kopi
av installasjonspakken Nokia Photos.msi.

Error - 09.10.2009 15:21:25 | Computer Name = THOMAS-HJEMME | Source = Application Hang | ID = 1002
Description = Hengende program soffice.bin, versjon 3.1.9398.500, hengende modul
hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.

Error - 09.10.2009 15:22:56 | Computer Name = THOMAS-HJEMME | Source = Application Hang | ID = 1002
Description = Hengende program soffice.bin, versjon 3.1.9398.500, hengende modul
hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.

Error - 09.10.2009 18:16:52 | Computer Name = THOMAS-HJEMME | Source = Application Hang | ID = 1002
Description = Hengende program soffice.bin, versjon 3.1.9398.500, hengende modul
hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.

[ System Events ]
Error - 22.10.2009 07:31:59 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:32:10 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:32:21 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:32:31 | Computer Name = THOMAS-HJEMME | Source = atapi | ID = 262153
Description = Enheten \Device\Ide\IdePort1 svarte ikke før tidsavbruddet utløp.

Error - 22.10.2009 07:32:43 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:32:54 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:33:05 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:33:14 | Computer Name = THOMAS-HJEMME | Source = Cdrom | ID = 262151
Description = Enheten \Device\CdRom0 har en dårlig blokk.

Error - 22.10.2009 07:39:41 | Computer Name = THOMAS-HJEMME | Source = Service Control Manager | ID = 7000
Description = Tjenesten Rpc35naydncp kan ikke startes på grunn av følgende feil:
%%2

Error - 22.10.2009 07:40:18 | Computer Name = THOMAS-HJEMME | Source = Service Control Manager | ID = 7011
Description = Tidsavbrudd (30000 millisekunder). Venter på et transaksjonssvar fra
tjenesten Norton Internet Security.


< End of report >

----

Malwarebytes logfile

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 3021
Windows 5.1.2600 Service Pack 3

24.10.2009 01:16:49
mbam-log-2009-10-24 (01-16-49).txt

Skanntype: Rask Skann
Objekter skannet: 113736
Tid tilbakelagt: 5 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 2
Filer infisert: 4

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Programfiler\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start-meny\Programmer\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Filer infisert:
C:\Documents and Settings\LocalService\Start-meny\Programmer\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start-meny\Programmer\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 26 October 2009 - 11:39 AM

Hi,

how is your PC behaving?

Please run the following rootkit scan, to see if your PC is infected:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 thomaser

Posted 26 October 2009 - 03:20 PM

Hi, I'm afraid I cannot get RootRepeal to work. It hangs up on initialization most times, and if I get it to open, it gives me a number of error-messages and the program ends.

My computer has been working fine the last few weeks, but the various antispyware-programs always find traces of spyware after I've rebooted the system.

#8 myrti

Posted 26 October 2009 - 04:29 PM

Hi,

please try the following before running RootRepeal and let me know if it helps:

Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

regards _temp_



#9 thomaser

Posted 26 October 2009 - 05:05 PM

Here's what happens:

At startup (I have to click the RootRepeal icon twice and open two processes to get the program to start. The first process hangs up at the initializing, the second opens the program). Then I get these error messages:

22:49:12: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x000000cc)
22:49:12: DeviceIoControl Error! Error Code = 0x1e7
22:49:12: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x000000cc)

When setting Disk Access level to special or high and unchecking "Use lowest level for MBR check", then trying to scan, I get these error messages after a short while:

- "Could not initialize driver! Please contact the author!"
- "Error dumping SSDT (0xc0000001)!"
- "Attempt to read from address: 0x00000004"
- "Attempt to read from address: 0x00000e68"
- "Attempt to read from address: 0x00000b14"
- "The instruction in "0x7c910a19" referred to address "0x00000fa0". Memory could not be "read". Click OK to end the program."

Sometimes I get the "send info to Microsoft" pop-up too, and the program ends.

#10 myrti

Posted 26 October 2009 - 05:25 PM

Hi,

ok let's try another program then:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_



#11 thomaser

Posted 28 October 2009 - 08:42 AM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 09:02:28
Windows 5.1.2600 Service Pack 3
Running: yol7xi8t.exe; Driver: C:\DOCUME~1\Eier\LOKALE~1\Temp\pwdcqaod.sys


---- System - GMER 1.0.15 ----

SSDT 8923B8E0 ZwAlertResumeThread
SSDT 8923B9A0 ZwAlertThread
SSDT 89241410 ZwAllocateVirtualMemory
SSDT 8924A070 ZwAssignProcessToJobObject
SSDT 89703DE8 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7495514]
SSDT 8900A008 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7484282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7484474]
SSDT 88F82210 ZwCreateSymbolicLinkObject
SSDT 891A7170 ZwCreateThread
SSDT 8924A008 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7495D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7495FB8]
SSDT 896A2A20 ZwDuplicateObject
SSDT 89704740 ZwFreeVirtualMemory
SSDT 8923C548 ZwImpersonateAnonymousToken
SSDT 88FFDB20 ZwImpersonateThread
SSDT 896976F8 ZwLoadDriver
SSDT 89302900 ZwMapViewOfSection
SSDT 8900A060 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF74943FA]
SSDT 896146B0 ZwOpenProcess
SSDT 892BB8A0 ZwOpenProcessToken
SSDT 891A70F0 ZwOpenSection
SSDT 89614620 ZwOpenThread
SSDT 895AEA18 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7496422]
SSDT 8960A538 ZwResumeThread
SSDT 88FEB6B0 ZwSetContextThread
SSDT 8974ED08 ZwSetInformationProcess
SSDT 89761428 ZwSetSystemInformation
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74957D8]
SSDT 8920FF48 ZwSuspendProcess
SSDT 88FF7F88 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7483F32]
SSDT 8974EC88 ZwTerminateThread
SSDT 89704680 ZwUnmapViewOfSection
SSDT 891BAAE8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + F2 804E492C 4 Bytes CALL ADD7B96E
.text ntoskrnl.exe!ZwYieldExecution + 29A 804E4AD4 4 Bytes JMP A4AA895A
.text ntoskrnl.exe!ZwYieldExecution + 4CA 804E4D04 4 Bytes CALL EAD768B3
? SYMEFA.SYS Systemet finner ikke angitt fil. !
? C:\WINDOWS\system32\drivers\rootrepeal.sys Systemet finner ikke angitt fil. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----

#12 myrti

Posted 29 October 2009 - 12:20 PM

Hi,

the gmer log looks ok. Malwarebytes did take care of a couple of infections. How is your PC doing now? Could you give me an example of what is still found on your system? For example the name of the infection and the path to the file where the infection is found?

Please also provide a new OTL log. (only otl.txt will be created)

regards _temp_



#13 thomaser

Posted 02 November 2009 - 03:24 PM

Hi, and thank you for your help! I cannot find anything wrong on my system now. Rebooted and scanned with several programs, but nothing came up. So it looks like it's fine now. AntiVirus 2010 has resurfaced several times before after being removed by the antispyware programs, but maybe it's gone for good this time.

Here's the new OTL log:

OTL logfile created on: 02.11.2009 20:41:55 - Run 2
OTL by OldTimer - Version 3.1.3.0 Folder = C:\Documents and Settings\Eier\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,52 Gb Available Physical Memory | 34,36% Memory free
2,11 Gb Paging File | 0,98 Gb Available in Paging File | 46,70% Paging File free
Paging file location(s): C:\pagefile.sys 768 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 109,42 Gb Total Space | 77,56 Gb Free Space | 70,88% Space Free | Partition Type: NTFS
Drive D: | 5,07 Gb Total Space | 0,70 Gb Free Space | 13,74% Space Free | Partition Type: FAT32
Drive E: | 479,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 584,14 Gb Total Space | 389,34 Gb Free Space | 66,65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-HJEMME
Current User Name: Eier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.11.02 20:41:13 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
PRC - [2009.11.02 14:52:53 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009.10.19 15:50:14 | 00,832,296 | ---- | M] (Opera Software) -- C:\Programfiler\Opera\opera.exe
PRC - [2009.09.05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Programfiler\QuickTime\QTTask.exe
PRC - [2009.08.26 01:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009.08.26 01:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009.07.25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jusched.exe
PRC - [2009.07.25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe
PRC - [2009.07.22 21:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsTray.exe
PRC - [2009.07.22 21:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsSvc.exe
PRC - [2009.06.25 14:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.05.28 12:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.05.26 11:01:18 | 00,184,320 | ---- | M] (Telenor) -- C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe
PRC - [2009.04.23 05:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 05:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.exe
PRC - [2009.03.30 09:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.03.11 13:52:26 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Programfiler\iTunes\iTunesHelper.exe
PRC - [2009.03.11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe
PRC - [2009.03.06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.01.07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe
PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe
PRC - [2008.07.17 11:42:44 | 01,011,712 | ---- | M] () -- C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe
PRC - [2008.04.14 17:22:59 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Outlook Express\msimn.exe
PRC - [2008.04.14 17:22:49 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.21 03:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007.12.21 03:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007.08.09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007.05.18 21:49:13 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.05.08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005.10.14 11:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.09.30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Programfiler\Canon\CAL\CALMAIN.exe
PRC - [2005.02.02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2005.01.12 13:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004.05.28 23:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
PRC - [2004.05.28 22:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2003.10.24 05:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003.05.23 01:58:46 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003.04.03 19:35:38 | 00,050,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2002.10.07 06:23:20 | 00,090,112 | ---- | M] () -- C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [1998.05.07 15:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009.11.02 20:41:13 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
MOD - [2009.08.26 01:09:06 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll
MOD - [2009.02.13 13:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\PCTGMhk.dll
MOD - [2009.02.13 13:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\klg.dat
MOD - [2008.04.14 17:22:02 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008.04.14 17:19:05 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.08.26 01:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009.07.25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.07.22 21:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.03.11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.03.06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.01.07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.07.29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008.07.29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.07.25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008.07.09 15:03:48 | 00,102,400 | ---- | M] (PacketVideo) -- C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia)
SRV - [2008.04.14 17:22:17 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007.12.21 03:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007.12.20 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007.11.15 21:30:48 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Programfiler\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007.08.09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007.02.14 22:47:14 | 00,138,168 | ---- | M] (Google) -- C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006.10.18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005.10.14 11:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MAMUT)
SRV - [2005.10.14 11:51:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 11:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.09.30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Programfiler\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004.10.22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.09.08 14:14:52 | 00,068,096 | ---- | M] () -- C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003.10.13 15:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Programfiler\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
SRV - [2003.05.02 22:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - [2009.10.28 23:37:22 | 00,329,592 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091028.004\IDSXpx86.sys -- (IDSxpx86) IDSxpx86 [Kernel | System | Running]
DRV - [2009.09.28 01:20:42 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) SymEvent [Kernel | On_Demand | Running]
DRV - [2009.09.28 01:20:00 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP) Symantec Hash Provider [Kernel | System | Running]
DRV - [2009.09.27 09:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091102.003\NAVEX15.SYS -- (NAVEX15) NAVEX15 [Kernel | On_Demand | Running]
DRV - [2009.09.27 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running]
DRV - [2009.09.27 09:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running]
DRV - [2009.09.27 09:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091102.003\NAVENG.SYS -- (NAVENG) NAVENG [Kernel | On_Demand | Running]
DRV - [2009.08.26 01:09:10 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA) Symantec Extended File Attributes [File_System | Boot | Running]
DRV - [2009.08.26 01:09:10 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP) Symantec Real Time Storage Protection [File_System | System | Running]
DRV - [2009.08.26 01:09:10 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running]
DRV - [2009.08.26 01:09:10 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running]
DRV - [2009.08.26 01:09:10 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Running]
DRV - [2009.08.26 01:09:10 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running]
DRV - [2009.08.26 01:09:10 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS -- (SYMNDIS) Symantec Network Filter Driver [Kernel | On_Demand | Running]
DRV - [2009.08.26 01:09:10 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS -- (SYMIDS) Symantec Network Filter Driver [Kernel | On_Demand | Running]
DRV - [2009.08.26 01:08:51 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP) SymIMMP [Kernel | On_Demand | Running]
DRV - [2009.08.26 01:08:51 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped]
DRV - [2009.08.13 06:04:05 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) SASKUTIL [Kernel | System | Running]
DRV - [2009.05.01 13:47:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) SASDIFSV [Kernel | System | Stopped]
DRV - [2009.04.03 09:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) PCTools KDS [File_System | Boot | Running]
DRV - [2009.02.21 01:24:00 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) AFS2K [Kernel | System | Running]
DRV - [2009.01.15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running]
DRV - [2008.08.26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped]
DRV - [2008.04.13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) Secdrv [Kernel | On_Demand | Stopped]
DRV - [2007.12.21 04:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) ati2mtag [Kernel | On_Demand | Running]
DRV - [2007.11.15 21:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) NetGroup Packet Filter Driver [Kernel | Auto | Running]
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20) PxHelp20 [Kernel | Boot | Running]
DRV - [2006.02.16 15:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) SASENUM [Kernel | On_Demand | Running]
DRV - [2005.12.12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) Ps2 [Kernel | On_Demand | Running]
DRV - [2005.10.22 06:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running]
DRV - [2005.10.21 18:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running]
DRV - [2005.10.21 18:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running]
DRV - [2004.08.04 06:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) nv [Kernel | On_Demand | Stopped]
DRV - [2004.08.04 06:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr) S3Psddr [Kernel | On_Demand | Stopped]
DRV - [2003.08.11 12:22:54 | 00,040,228 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped]
DRV - [2003.06.30 23:05:36 | 00,756,444 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running]
DRV - [2003.05.21 22:33:30 | 00,196,352 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running]
DRV - [2003.05.21 22:32:32 | 00,631,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) winachsf [Kernel | On_Demand | Running]
DRV - [2003.05.21 22:31:22 | 01,063,040 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) HSF_DP [Kernel | On_Demand | Running]
DRV - [2003.05.09 09:16:58 | 00,331,392 | ---- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) ASUS TV7134 WDM Video Capture [Kernel | On_Demand | Stopped]
DRV - [2003.05.06 14:34:56 | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) SiS315 [Kernel | On_Demand | Stopped]
DRV - [2003.04.28 21:33:28 | 00,024,192 | ---- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune) ASUS WDM TV Tuner [Kernel | On_Demand | Stopped]
DRV - [2003.04.15 16:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped]
DRV - [2003.04.15 16:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped]
DRV - [2003.04.15 16:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) ialm [Kernel | On_Demand | Stopped]
DRV - [2003.04.11 07:51:30 | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) SiSkp [Kernel | System | Running]
DRV - [2003.04.09 20:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk) mdmxsdk [Kernel | Auto | Running]
DRV - [2003.03.19 21:51:00 | 00,018,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running]
DRV - [2003.02.20 15:18:36 | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP) SiS AGP Filter [Kernel | Boot | Running]
DRV - [2002.12.27 10:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1) VIA AGP Filter [Kernel | Boot | Running]
DRV - [2002.11.15 03:15:00 | 00,012,640 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) iTouch Keyboard Filter [Kernel | On_Demand | Stopped]
DRV - [2002.11.08 10:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running]
DRV - [2002.11.08 10:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running]
DRV - [2002.10.30 15:14:50 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) Direkte parallell koblingsdriver [Kernel | On_Demand | Running]
DRV - [2002.10.04 16:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running]
DRV - [2002.10.01 09:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) Padus ASPI Shell [Kernel | On_Demand | Running]


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tendo.no/edit
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\S-1-5-21-2486099585-3324090725-2328671551-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\S-1-5-21-2486099585-3324090725-2328671551-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\S-1-5-21-2486099585-3324090725-2328671551-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.mimer.no:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programfiler\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.03 22:29:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 02:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programfiler\Java\jre6\lib\deploy\jqs\ff [2009.06.08 22:22:40 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Telenor Telenorhjelpen Plugin) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll (Telenor)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CamMonitor] c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [Clean System Memory 120 Sec. After Startup] C:\WINDOWS\System32\CleanMem.exe (PCWinTech.com)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Programfiler\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programfiler\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Telenorhjelpen] C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe (Telenor)
O4 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003..\Run: [PC Suite Tray] C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Acrobat Assistant.lnk = C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Nokia Ovi Suite.lnk = C:\Programfiler\Nokia\Ovi\Suite\RunLauncher.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Default User\Start-meny\Programmer\Oppstart\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\OpenOffice.org 3.1.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2486099585-3324090725-2328671551-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add to Evernote - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Download all by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddList.html File not found
O8 - Extra context menu item: Download by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddLink.html File not found
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1206572371765 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup144.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programfiler\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.08.08 10:11:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.07.27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.10 12:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003.04.12 09:05:00 | 00,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.06.27 01:49:44 | 00,000,000 | R--D | M] - E:\Autokey utility -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,675 | R--- | M] () - E:\auto-ar.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,028 | R--- | M] () - E:\auto-cs.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,953 | R--- | M] () - E:\auto-da.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,789 | R--- | M] () - E:\auto-de.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,926 | R--- | M] () - E:\auto-en.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,701 | R--- | M] () - E:\auto-es.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,054 | R--- | M] () - E:\auto-fi.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,090 | R--- | M] () - E:\auto-fr.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,776 | R--- | M] () - E:\auto-hu.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,737 | R--- | M] () - E:\auto-it.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,609 | R--- | M] () - E:\auto-ja.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,092 | R--- | M] () - E:\auto-ko.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,928 | R--- | M] () - E:\auto-nl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,898 | R--- | M] () - E:\auto-no.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,645 | R--- | M] () - E:\auto-pl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,571 | R--- | M] () - E:\auto-pt.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,052 | R--- | M] () - E:\auto-ro.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,004,026 | R--- | M] () - E:\auto-ru.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,850 | R--- | M] () - E:\auto-sc.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,948 | R--- | M] () - E:\auto-sk.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,750 | R--- | M] () - E:\auto-sl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,980 | R--- | M] () - E:\auto-sv.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,718 | R--- | M] () - E:\auto-tc.html -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002.09.10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.02 20:41:10 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
[2009.10.13 12:14:46 | 00,000,000 | ---D | C] -- C:\Programfiler\Amazon
[2009.10.07 21:07:14 | 00,000,000 | ---D | C] -- C:\Programfiler\QuickTime
[2009.01.13 15:21:56 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Programfiler\mbam-setup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files -> C:\Documents and Settings\Eier\Programdata\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.02 20:41:13 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
[2009.11.02 20:36:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2009.11.02 14:00:57 | 01,185,708 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.02 14:00:57 | 00,492,006 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2009.11.02 14:00:57 | 00,489,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.02 14:00:57 | 00,097,822 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2009.11.02 14:00:57 | 00,089,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.02 13:56:51 | 00,079,024 | ---- | M] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2009.11.02 13:56:29 | 00,001,405 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009.11.02 13:56:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.02 13:56:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.02 13:56:01 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.02 13:56:01 | 00,276,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.02 13:55:16 | 06,553,600 | ---- | M] () -- C:\Documents and Settings\Eier\ntuser.dat
[2009.11.02 13:54:53 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Eier\ntuser.ini
[2009.11.02 13:54:08 | 14,448,394 | -H-- | M] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\IconCache.db
[2009.11.01 12:59:57 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Opera.lnk
[2009.10.27 00:08:21 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Eier\Skrivebord\yol7xi8t.exe
[2009.10.26 20:21:40 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Eier\settings.dat
[2009.10.15 23:56:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.10.09 19:38:41 | 07,930,735 | ---- | M] () -- C:\Documents and Settings\Eier\Skrivebord\N904421.xml
[2009.10.07 21:07:33 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\QuickTime Player.lnk
[2009.10.06 21:49:21 | 00,139,116 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 Wii-spill.csv
[2009.10.06 20:27:45 | 00,210,251 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 DS-spill.csv
[2009.10.04 21:56:55 | 00,000,474 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\test.csv
[2009.10.03 23:58:42 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke test.csv
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files -> C:\Documents and Settings\Eier\Programdata\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.10.27 00:08:20 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Eier\Skrivebord\yol7xi8t.exe
[2009.10.26 20:20:12 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Eier\settings.dat
[2009.10.15 23:50:08 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009.10.09 19:38:41 | 07,930,735 | ---- | C] () -- C:\Documents and Settings\Eier\Skrivebord\N904421.xml
[2009.10.07 21:07:32 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\QuickTime Player.lnk
[2009.10.04 23:53:49 | 00,210,251 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 DS-spill.csv
[2009.10.04 21:49:33 | 00,000,474 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\test.csv
[2009.10.04 01:08:59 | 00,139,116 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 Wii-spill.csv
[2009.10.03 23:58:39 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke test.csv
[2009.09.28 09:39:49 | 00,011,886 | ---- | C] () -- C:\Programfiler\Fellesfiler\amoquwaz._sy
[2009.09.27 18:56:09 | 00,014,273 | ---- | C] () -- C:\Programfiler\Fellesfiler\myhet.pif
[2009.09.27 18:56:09 | 00,012,639 | ---- | C] () -- C:\WINDOWS\System32\xabewowu.sys
[2009.09.27 18:50:52 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\housecall.guid.cache
[2009.09.27 17:55:45 | 00,018,822 | ---- | C] () -- C:\Programfiler\Fellesfiler\fuguty.sys
[2008.07.07 14:08:36 | 00,002,210 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008.07.07 13:48:14 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.13 11:23:55 | 00,069,848 | ---- | C] () -- C:\Documents and Settings\Eier\Programdata\GDIPFONTCACHEV1.DAT
[2008.03.23 21:00:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008.02.04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.07.30 09:55:52 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007.03.29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.02.03 21:43:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005.02.24 21:13:37 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\Util.dll
[2005.02.24 21:13:37 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\VideoLib.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityFRA.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityESP.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityENG.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityDEU.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityCZE.dll
[2005.02.24 21:13:37 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ToolUtil.dll
[2005.02.24 21:13:36 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2005.02.24 21:13:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AudioLib.dll
[2004.10.10 20:31:54 | 00,000,049 | ---- | C] () -- C:\WINDOWS\accgnat.ini
[2004.10.10 20:31:44 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\stdsoap2.dll
[2004.01.27 22:37:43 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004.01.09 20:31:17 | 00,196,608 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.01.06 22:00:30 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2003.08.09 22:17:29 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003.08.09 22:17:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003.08.08 18:59:08 | 00,000,498 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.08.08 18:58:46 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2003.08.08 18:58:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003.08.08 17:02:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.08.08 17:01:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003.08.08 13:09:27 | 00,023,128 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003.08.08 13:08:45 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003.08.08 13:08:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003.08.08 12:57:27 | 00,000,461 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.08.08 12:47:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2003.08.08 12:47:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2003.08.08 12:47:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2003.08.08 12:47:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2003.08.08 12:47:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2003.08.08 12:47:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2003.08.08 12:41:07 | 00,079,024 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2003.08.08 12:41:01 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\fusioncache.dat
[2003.08.08 12:14:31 | 00,004,930 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\hpzinstall.log
[2003.08.08 11:59:35 | 00,003,544 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.08.08 11:26:24 | 14,448,394 | -H-- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\IconCache.db
[2003.08.08 11:20:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003.08.08 11:20:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003.08.08 11:19:52 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003.08.08 11:02:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Programdata\desktop.ini
[2003.08.08 10:15:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eier\Programdata\desktop.ini
[2003.06.23 17:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002.05.24 07:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002.05.24 07:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.03.02 03:10:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
< End of report >

#14 myrti

  • Malware Study Hall Admin
Posted 03 November 2009 - 03:19 PM

Hi,

Things are looking better now. :(
We need to remove a couple of remaining files:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2009.09.28 09:39:49 | 00,011,886 | ---- | C] () -- C:\Programfiler\Fellesfiler\amoquwaz._sy
    [2009.09.27 18:56:09 | 00,014,273 | ---- | C] () -- C:\Programfiler\Fellesfiler\myhet.pif
    [2009.09.27 18:56:09 | 00,012,639 | ---- | C] () -- C:\WINDOWS\System32\xabewowu.sys
    [2009.09.27 18:50:52 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\housecall.guid.cache
    [2009.09.27 17:55:45 | 00,018,822 | ---- | C] () -- C:\Programfiler\Fellesfiler\fuguty.sys
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window: OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Please also run an online scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post back the logs in your next reply.

regards _temp_



#15 thomaser

  • Topic Starter

Posted 04 November 2009 - 08:26 AM

Here are the new OTL-logs. No threats were found by the ESET scan, so I have no logs there.

========== OTL ==========
C:\Programfiler\Fellesfiler\amoquwaz._sy moved successfully.
C:\Programfiler\Fellesfiler\myhet.pif moved successfully.
C:\WINDOWS\system32\xabewowu.sys moved successfully.
C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\housecall.guid.cache moved successfully.
C:\Programfiler\Fellesfiler\fuguty.sys moved successfully.

OTL by OldTimer - Version 3.1.3.3 log created on 11032009_215249

--------------------------------------------------

OTL logfile created on: 03.11.2009 21:59:01 - Run 3
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Eier\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 64,60% Memory free
2,11 Gb Paging File | 1,57 Gb Available in Paging File | 74,39% Paging File free
Paging file location(s): C:\pagefile.sys 768 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 109,42 Gb Total Space | 77,51 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
Drive D: | 5,07 Gb Total Space | 0,70 Gb Free Space | 13,74% Space Free | Partition Type: FAT32
Drive E: | 479,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 584,14 Gb Total Space | 389,34 Gb Free Space | 66,65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-HJEMME
Current User Name: Eier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Eier\Skrivebord\OTL.exe (OldTimer Tools)
PRC - C:\Programfiler\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programfiler\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programfiler\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe (Telenor)
PRC - C:\Programfiler\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programfiler\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programfiler\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programfiler\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programfiler\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programfiler\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
PRC - C:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Eier\Skrivebord\OTL.exe (OldTimer Tools)
MOD - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (JavaQuickStarterService) -- C:\Programfiler\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ServiceLayer) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (iPod Service) -- C:\Programfiler\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Programfiler\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (TwonkyMedia) -- C:\Programfiler\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (PacketVideo)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (rpcapd) -- C:\Programfiler\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (gusvc) -- C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (WMPNetworkSvc) -- C:\Programfiler\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (MSSQL$MAMUT) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Programfiler\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IDriverT) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Adobe LM Service) -- C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (AdobeVersionCue) -- C:\Programfiler\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)


========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091103.007\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091103.007\NAVENG.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SASENUM) -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tendo.no/edit
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.mimer.no:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programfiler\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.03 22:29:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 02:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programfiler\Java\jre6\lib\deploy\jqs\ff [2009.06.08 22:22:40 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Telenor Telenorhjelpen Plugin) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll (Telenor)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Koblinger) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Microsoft CommBand) - {4D5C8C2A-D075-11D0-B416-00C04FB90376} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CamMonitor] c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [Clean System Memory 120 Sec. After Startup] C:\WINDOWS\System32\CleanMem.exe (PCWinTech.com)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programfiler\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Telenorhjelpen] C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe (Telenor)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Acrobat Assistant.lnk = C:\Programfiler\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Nokia Ovi Suite.lnk = C:\Programfiler\Nokia\Ovi\Suite\RunLauncher.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\OpenOffice.org 3.1.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add to Evernote - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Download all by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddList.html File not found
O8 - Extra context menu item: Download by Net Transport - C:\Programfiler\Xi\NetTransport 2\NTAddLink.html File not found
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programfiler\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1206572371765 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup144.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programfiler\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programfiler\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.08.08 10:11:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.07.27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.10 12:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003.04.12 09:05:00 | 00,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.06.27 01:49:44 | 00,000,000 | R--D | M] - E:\Autokey utility -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,675 | R--- | M] () - E:\auto-ar.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,028 | R--- | M] () - E:\auto-cs.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,953 | R--- | M] () - E:\auto-da.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,789 | R--- | M] () - E:\auto-de.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,926 | R--- | M] () - E:\auto-en.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,701 | R--- | M] () - E:\auto-es.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,054 | R--- | M] () - E:\auto-fi.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,090 | R--- | M] () - E:\auto-fr.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,776 | R--- | M] () - E:\auto-hu.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,737 | R--- | M] () - E:\auto-it.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,609 | R--- | M] () - E:\auto-ja.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,092 | R--- | M] () - E:\auto-ko.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,928 | R--- | M] () - E:\auto-nl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,898 | R--- | M] () - E:\auto-no.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,645 | R--- | M] () - E:\auto-pl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,571 | R--- | M] () - E:\auto-pt.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,052 | R--- | M] () - E:\auto-ro.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,004,026 | R--- | M] () - E:\auto-ru.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,850 | R--- | M] () - E:\auto-sc.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,948 | R--- | M] () - E:\auto-sk.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,750 | R--- | M] () - E:\auto-sl.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,002,980 | R--- | M] () - E:\auto-sv.html -- [ CDFS ]
O32 - AutoRun File - [2008.10.08 07:45:26 | 00,003,718 | R--- | M] () - E:\auto-tc.html -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002.09.10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.03 21:52:49 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.11.03 21:51:53 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
[2009.10.13 12:14:46 | 00,000,000 | ---D | C] -- C:\Programfiler\Amazon
[2009.10.07 21:07:14 | 00,000,000 | ---D | C] -- C:\Programfiler\QuickTime
[2009.01.13 15:21:56 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Programfiler\mbam-setup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files -> C:\Documents and Settings\Eier\Programdata\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.03 21:57:31 | 02,664,072 | ---- | M] () -- C:\Documents and Settings\Eier\Skrivebord\esetsmartinstaller_enu.exe
[2009.11.03 21:51:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eier\Skrivebord\OTL.exe
[2009.11.03 21:36:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2009.11.03 19:53:40 | 00,001,405 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009.11.03 19:53:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.03 19:53:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.03 19:53:09 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.03 19:52:13 | 06,553,600 | ---- | M] () -- C:\Documents and Settings\Eier\ntuser.dat
[2009.11.03 19:51:46 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Eier\ntuser.ini
[2009.11.03 19:51:35 | 14,450,574 | -H-- | M] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\IconCache.db
[2009.11.02 14:00:57 | 01,185,708 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.02 14:00:57 | 00,492,006 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2009.11.02 14:00:57 | 00,489,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.02 14:00:57 | 00,097,822 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2009.11.02 14:00:57 | 00,089,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.02 13:56:51 | 00,079,024 | ---- | M] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2009.11.02 13:56:01 | 00,276,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.01 12:59:57 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Opera.lnk
[2009.10.26 20:21:40 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Eier\settings.dat
[2009.10.15 23:56:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.10.09 19:38:41 | 07,930,735 | ---- | M] () -- C:\Documents and Settings\Eier\Skrivebord\N904421.xml
[2009.10.07 21:07:33 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\QuickTime Player.lnk
[2009.10.06 21:49:21 | 00,139,116 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 Wii-spill.csv
[2009.10.06 20:27:45 | 00,210,251 | ---- | M] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 DS-spill.csv
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Eier\Programdata\*.tmp files -> C:\Documents and Settings\Eier\Programdata\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.03 21:57:29 | 02,664,072 | ---- | C] () -- C:\Documents and Settings\Eier\Skrivebord\esetsmartinstaller_enu.exe
[2009.10.26 20:20:12 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Eier\settings.dat
[2009.10.15 23:50:08 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009.10.09 19:38:41 | 07,930,735 | ---- | C] () -- C:\Documents and Settings\Eier\Skrivebord\N904421.xml
[2009.10.07 21:07:32 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\QuickTime Player.lnk
[2009.10.04 23:53:49 | 00,210,251 | ---- | C] () -- C:\Documents and Settings\Eier\Mine dokumenter\Produkteksport i Uke 40 DS-spill.csv
[2008.07.07 14:08:36 | 00,002,210 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008.07.07 13:48:14 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.13 11:23:55 | 00,069,848 | ---- | C] () -- C:\Documents and Settings\Eier\Programdata\GDIPFONTCACHEV1.DAT
[2008.03.23 21:00:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008.02.04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.07.30 09:55:52 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007.03.29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.02.03 21:43:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005.02.24 21:13:37 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\Util.dll
[2005.02.24 21:13:37 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\VideoLib.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityFRA.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityESP.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityENG.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityDEU.dll
[2005.02.24 21:13:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ResUtilityCZE.dll
[2005.02.24 21:13:37 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ToolUtil.dll
[2005.02.24 21:13:36 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2005.02.24 21:13:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AudioLib.dll
[2004.10.10 20:31:54 | 00,000,049 | ---- | C] () -- C:\WINDOWS\accgnat.ini
[2004.10.10 20:31:44 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\stdsoap2.dll
[2004.01.27 22:37:43 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004.01.09 20:31:17 | 00,196,608 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.01.06 22:00:30 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2003.08.09 22:17:29 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003.08.09 22:17:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003.08.08 18:59:08 | 00,000,498 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.08.08 18:58:46 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2003.08.08 18:58:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003.08.08 17:02:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.08.08 17:01:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003.08.08 13:09:27 | 00,023,128 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003.08.08 13:08:45 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003.08.08 13:08:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003.08.08 12:57:27 | 00,000,461 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.08.08 12:47:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2003.08.08 12:47:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2003.08.08 12:47:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2003.08.08 12:47:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2003.08.08 12:47:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2003.08.08 12:47:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2003.08.08 12:41:07 | 00,079,024 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2003.08.08 12:41:01 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\fusioncache.dat
[2003.08.08 12:14:31 | 00,004,930 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\hpzinstall.log
[2003.08.08 11:59:35 | 00,003,544 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.08.08 11:26:24 | 14,450,574 | -H-- | C] () -- C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\IconCache.db
[2003.08.08 11:20:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003.08.08 11:20:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003.08.08 11:19:52 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003.08.08 11:02:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Programdata\desktop.ini
[2003.08.08 10:15:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eier\Programdata\desktop.ini
[2003.06.23 17:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002.05.24 07:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002.05.24 07:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.03.02 03:10:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
< End of report >



