BleepingComputer.com forums

Paladin hell - HJT log included


  • This topic is locked
17 replies to this topic

#1 reallyticked

reallyticked

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:57 AM

Posted 26 February 2010 - 07:15 AM

Hello. I am so happy to find this site. We're having some major issues with an XP laptop. It started yesterday with lots of pop-ups recommending - among virus warnings - to buy a version of Paladin Antivirus. We didn't, and the problems have persisted and become worse. I can't use the Firefox browser on that machine to search for anything related to viruses, and certain websites won't open at all (including your site).

So, I'm relaying files and other stuff to my Mac and communicating with the world from here. I finally managed to load HijackThis today by changing the file name on it to explore.exe. I have been trying to follow instructions on the MyAntiSpyware.com help site for eradicating this virus, but I hadn't had any luck with HijackThis until today. I tried to install TDSSKiller and MBAM, but neither would install yesterday. I obviously have to disable something first. Problem is, I'm no programmer and have no idea where to begin.

If you can help set me on the right path, I'd be very grateful. The computer is working sporadically now, but sometimes shuts down and won't reboot every time. I'm worried it's not got much time left before it implodes completely!

Here is the log result from the scan I just performed on the system:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:29, on 26.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\STEINH~1\LOCALS~1\Temp\eventcreatexp.exe
C:\Program Files\Paladin Antivirus\pav.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: ClueIEAddin - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{033FBDAE-6AA9-4B6D-B907-EBBC983E68D9}: NameServer = 4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{033FBDAE-6AA9-4B6D-B907-EBBC983E68D9}: NameServer = 4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 8731 bytes

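As an added example, not part of the original thread and not code from HijackThis or BleepingComputer: a small Python triage pass over a log in HijackThis format, applying the checks a helper typically makes first when reading a log like the one above. It flags processes and autoruns launched from a Temp directory, O2/O3 browser add-ons whose file is missing, O17 NameServer overrides that point outside local/private ranges, and O23 services with no vendor information. The heuristics are my own and mark entries for review, not as confirmed malware; the sample log embedded in the block is constructed, modelled on the entries posted above with a generic user name and placeholder GUID.

```python
"""Triage heuristics for a HijackThis (HJT) format log.

Added example: flags the entry types a malware-removal helper usually
reads first. Everything flagged means "look at this", not "this is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Legitimate startup software almost never runs from these locations on XP.
SUSPECT_PATH_RE = re.compile(r"\\Temp\\|\\Temporary Internet Files\\", re.IGNORECASE)

# Loopback, link-local and RFC 1918 ranges. Any other NameServer value is an
# explicit override worth confirming with the owner: it may simply be the
# ISP's resolver, but DNS changes are also how rogue AV blocks security sites.
LOCAL_DNS_RE = re.compile(r"^(127\.|169\.254\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

# Markers HJT prints when a registered add-on's file no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

SECTION_RE = re.compile(r"^(O\d+|R\d) - ")


@dataclass(frozen=True)
class Finding:
    section: str  # "PRC" for the running-process block, otherwise the HJT section id
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the log lines worth a second look, in log order."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process block
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if SUSPECT_PATH_RE.search(line):
                findings.append(Finding("PRC", "process running from a temp directory", line))
            continue
        m = SECTION_RE.match(line)
        if not m:
            continue
        sec = m.group(1)
        if sec in ("O2", "O3") and any(mark in line for mark in ORPHAN_MARKERS):
            findings.append(Finding(sec, "browser add-on registered but file missing (orphan)", line))
        elif sec == "O4" and SUSPECT_PATH_RE.search(line):
            findings.append(Finding(sec, "autorun launching from a temp directory", line))
        elif sec == "O17":
            dns = re.search(r"NameServer = ([\d.]+)", line)
            if dns and not LOCAL_DNS_RE.match(dns.group(1)):
                findings.append(Finding(sec, f"DNS server set to {dns.group(1)}; confirm it is intended", line))
        elif sec == "O23" and "Unknown owner" in line:
            findings.append(Finding(sec, "service with no vendor information", line))
    return findings


# Constructed sample in HJT format (generic user name and placeholder GUID,
# modelled on the log posted in the thread). Not a real capture.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\eventcreatexp.exe
C:\Program Files\Skype\Phone\Skype.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [eventcreatexp.exe] C:\Documents and Settings\User\Local Settings\Temp\eventcreatexp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 4.2.2.2
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running it against a real log is `triage(open("hijackthis.log").read())`. The Temp-path rule is deliberately narrow (only `\Temp\` and `\Temporary Internet Files\`), because some legitimate per-user installers live under `Local Settings\Application Data`; widen it only if you are prepared to review the extra hits by hand.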


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:57 PM

Posted 26 February 2010 - 10:38 AM

Hello! :)
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 reallyticked

reallyticked
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:57 AM

Posted 26 February 2010 - 11:06 AM

Hello Sam!

Thanks so much for your help so far. Here are the two logs from the scan I just ran by following your instructions for using OTL:

OTL logfile created on: 26.02.2010 16:55:03 - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Steinhogger\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,68 Gb Total Space | 40,94 Gb Free Space | 61,41% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 56,61 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 1,33 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC133312821021
Current User Name: Steinhogger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
PRC - [2010.02.25 10:18:29 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe
PRC - [2009.12.18 14:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.10.11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.10.09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.23 07:10:12 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 07:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.23 18:56:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006.09.01 15:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005.12.22 08:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005.12.13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005.12.12 11:39:52 | 000,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005.12.08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005.11.10 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.09.24 00:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005.06.19 21:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
MOD - [2010.02.25 10:18:25 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\68633.dll
MOD - [2005.11.30 15:31:34 | 000,282,624 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.10 09:46:58 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010.02.25 10:22:02 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.14 01:49:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.07.18 11:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2008.07.18 11:00:00 | 000,016,384 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wibukey2.sys -- (Wibukey2)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.11.13 11:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006.11.15 10:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005.11.28 10:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.11.10 23:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.30 12:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.09.20 11:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.22 10:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005.08.22 10:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.08.22 10:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005.08.18 09:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.02 11:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005.08.02 10:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005.06.19 21:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.05.05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.05.05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.03.09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.04 09:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004.03.17 05:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002.11.28 18:33:20 | 000,093,962 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM302.sys -- (ZSMC302)
DRV - [2002.05.14 12:05:08 | 000,022,571 | ---- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001.08.17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.no/
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\S-1-5-21-3375751953-474267554-416395410-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nrk.no"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nb-NO@dictionaries.addons.mozilla.org:2.0.10.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 19:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.18 19:43:47 | 000,000,000 | ---D | M]

[2008.09.15 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Extensions
[2010.02.24 18:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions
[2009.06.05 07:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
[2009.10.30 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2009.10.30 07:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2007.10.19 17:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.01.22 19:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2010.02.24 18:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.15 22:08:16 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.01.15 22:08:16 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010.01.15 22:08:16 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010.01.15 22:08:16 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (ClueIEAddin) - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3375751953-474267554-416395410-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [eventcreatexp.exe] C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [Paladin Antivirus] C:\Program Files\Paladin Antivirus\pav.exe ()
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\system32\0035.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 14:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 06:01:14 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2006.11.28 16:20:46 | 000,000,090 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell - "" = AutoRun
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.02.26 16:47:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010.02.26 16:51:57 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 12:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.02.25 12:49:20 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:31:12 | 000,177,416 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.25 12:28:44 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup.exe
[2010.02.25 11:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\My Documents\backup 25022010
[2010.02.25 11:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paladin Antivirus
[2010.02.25 10:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010.02.17 07:50:28 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.02.17 07:50:28 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.02.16 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.02.08 17:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_08
[2010.02.08 17:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_03
[2010.02.08 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_01_30
[2010.01.10 15:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.01.05 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008.03.24 08:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006.11.05 18:30:19 | 006,334,888 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 1.5.0.7.exe
[2006.10.27 16:56:11 | 032,667,496 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\SketchUpW5.0.260.01QEA.exe
[2005.09.24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.26 16:52:27 | 000,007,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 16:47:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
[2010.02.26 16:47:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.26 16:47:22 | 000,041,984 | -H-- | M] () -- C:\WINDOWS\System32\wexe.exe
[2010.02.26 16:47:22 | 000,006,863 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT
[2010.02.26 16:47:20 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\0035.DLL
[2010.02.26 16:47:04 | 000,001,718 | -HS- | M] () -- C:\hpqp.ini
[2010.02.26 16:47:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.26 16:47:04 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2010.02.26 16:46:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.26 16:46:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.26 16:46:41 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.26 15:29:16 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Steinhogger\NTUSER.DAT
[2010.02.26 15:29:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steinhogger\ntuser.ini
[2010.02.26 13:02:57 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
[2010.02.26 13:02:57 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
[2010.02.26 13:02:57 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk
[2010.02.26 12:54:46 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.26 09:29:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.02.25 16:39:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.02.25 13:55:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.25 12:49:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:22:18 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup.exe
[2010.02.25 12:16:00 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:08:42 | 000,154,321 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.25 10:45:14 | 000,177,416 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.25 10:18:26 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010.02.25 10:18:21 | 000,018,432 | ---- | M] () -- C:\U.exe
[2010.02.24 18:02:02 | 000,680,901 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:26 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn in oslo.doc
[2010.02.05 23:32:40 | 000,414,020 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tharkitekter.gif
[2010.02.05 21:22:37 | 000,504,454 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 3.jpg
[2010.02.05 21:00:47 | 000,537,776 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 2.jpg
[2010.02.05 20:42:30 | 000,722,897 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter.jpg
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.26 16:47:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010.02.26 16:47:22 | 000,041,984 | -H-- | C] () -- C:\WINDOWS\System32\wexe.exe
[2010.02.26 16:47:20 | 000,006,863 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT
[2010.02.26 16:47:19 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\0035.DLL
[2010.02.26 12:54:46 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.25 16:43:28 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
[2010.02.25 16:43:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
[2010.02.25 16:43:28 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk
[2010.02.25 16:39:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.02.25 16:39:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.02.25 12:28:55 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:28:32 | 000,154,321 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.25 10:31:16 | 000,007,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010.02.25 10:18:26 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010.02.25 10:18:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Application Data\34.exe
[2010.02.25 10:18:21 | 000,018,432 | ---- | C] () -- C:\U.exe
[2010.02.24 18:02:01 | 000,680,901 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:25 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn in oslo.doc
[2010.02.05 23:32:40 | 000,414,020 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\tharkitekter.gif
[2010.02.05 21:22:34 | 000,504,454 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 3.jpg
[2010.02.05 21:00:44 | 000,537,776 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 2.jpg
[2010.02.05 15:00:44 | 000,722,897 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter.jpg
[2010.01.28 16:30:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\Mozilla Firefox.lnk
[2010.01.04 16:51:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.12.13 18:03:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009.09.19 18:34:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.09.19 18:11:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009.02.01 10:41:19 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008.08.05 07:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2007.08.20 21:47:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.08.20 21:47:06 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.08.20 21:46:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.08.20 21:46:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.08.20 21:46:33 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.08.20 21:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007.08.20 21:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007.08.20 21:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007.05.10 10:56:05 | 000,000,407 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.02.28 12:29:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007.02.26 10:54:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.16 14:56:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SfClientDLL.dll
[2006.11.16 14:56:19 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Iordy.dll
[2006.11.16 14:55:01 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006.11.16 14:55:01 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006.10.28 17:19:28 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.28 17:04:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.20 19:18:45 | 000,000,260 | ---- | C] () -- C:\WINDOWS\PlotFlow.INI
[2006.10.17 17:58:17 | 096,865,977 | ---- | C] () -- C:\Program Files\OOo_2.0.4_Win32Intel_install.exe
[2006.10.17 11:54:13 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\fusioncache.dat
[2006.07.27 18:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.04.21 00:14:03 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.21 00:07:35 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005.12.02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.07 14:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 14:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.01.13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010.02.25 10:18:21 | 000,018,432 | ---- | M] () -- C:\U.exe


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[51 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


(SECOND LOG----):

OTL logfile created on: 26.02.2010 16:55:03 - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Steinhogger\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,68 Gb Total Space | 40,94 Gb Free Space | 61,41% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 56,61 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 1,33 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC133312821021
Current User Name: Steinhogger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
PRC - [2010.02.25 10:18:29 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe
PRC - [2009.12.18 14:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.10.11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.10.09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.23 07:10:12 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 07:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.23 18:56:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006.09.01 15:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005.12.22 08:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005.12.13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005.12.12 11:39:52 | 000,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005.12.08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005.11.10 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.09.24 00:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005.06.19 21:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
MOD - [2010.02.25 10:18:25 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\68633.dll
MOD - [2005.11.30 15:31:34 | 000,282,624 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.10 09:46:58 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010.02.25 10:22:02 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.14 01:49:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.07.18 11:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2008.07.18 11:00:00 | 000,016,384 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wibukey2.sys -- (Wibukey2)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.11.13 11:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006.11.15 10:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005.11.28 10:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.11.10 23:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.30 12:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.09.20 11:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.22 10:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005.08.22 10:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.08.22 10:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005.08.18 09:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.02 11:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005.08.02 10:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005.06.19 21:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.05.05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.05.05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.03.09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.04 09:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004.03.17 05:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002.11.28 18:33:20 | 000,093,962 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM302.sys -- (ZSMC302)
DRV - [2002.05.14 12:05:08 | 000,022,571 | ---- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001.08.17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.no/
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3375751953-474267554-416395410-1006\S-1-5-21-3375751953-474267554-416395410-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nrk.no"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nb-NO@dictionaries.addons.mozilla.org:2.0.10.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 19:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.18 19:43:47 | 000,000,000 | ---D | M]

[2008.09.15 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Extensions
[2010.02.24 18:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions
[2009.06.05 07:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
[2009.10.30 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2009.10.30 07:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2007.10.19 17:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.01.22 19:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2010.02.24 18:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.15 22:08:16 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.01.15 22:08:16 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010.01.15 22:08:16 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010.01.15 22:08:16 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (ClueIEAddin) - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3375751953-474267554-416395410-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [eventcreatexp.exe] C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [Paladin Antivirus] C:\Program Files\Paladin Antivirus\pav.exe ()
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3375751953-474267554-416395410-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\system32\0035.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 14:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 06:01:14 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2006.11.28 16:20:46 | 000,000,090 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell - "" = AutoRun
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.02.26 16:47:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010.02.26 16:51:57 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 12:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.02.25 12:49:20 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:31:12 | 000,177,416 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.25 12:28:44 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup.exe
[2010.02.25 11:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\My Documents\backup 25022010
[2010.02.25 11:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paladin Antivirus
[2010.02.25 10:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010.02.17 07:50:28 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.02.17 07:50:28 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.02.16 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.02.08 17:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_08
[2010.02.08 17:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_03
[2010.02.08 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_01_30
[2010.01.10 15:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.01.05 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008.03.24 08:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006.11.05 18:30:19 | 006,334,888 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 1.5.0.7.exe
[2006.10.27 16:56:11 | 032,667,496 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\SketchUpW5.0.260.01QEA.exe
[2005.09.24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.26 16:52:27 | 000,007,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 16:47:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
[2010.02.26 16:47:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.26 16:47:22 | 000,041,984 | -H-- | M] () -- C:\WINDOWS\System32\wexe.exe
[2010.02.26 16:47:22 | 000,006,863 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT
[2010.02.26 16:47:20 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\0035.DLL
[2010.02.26 16:47:04 | 000,001,718 | -HS- | M] () -- C:\hpqp.ini
[2010.02.26 16:47:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.26 16:47:04 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2010.02.26 16:46:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.26 16:46:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.26 16:46:41 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.26 15:29:16 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Steinhogger\NTUSER.DAT
[2010.02.26 15:29:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steinhogger\ntuser.ini
[2010.02.26 13:02:57 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
[2010.02.26 13:02:57 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
[2010.02.26 13:02:57 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk
[2010.02.26 12:54:46 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.26 09:29:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.02.25 16:39:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.02.25 13:55:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.25 12:49:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:22:18 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup.exe
[2010.02.25 12:16:00 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:08:42 | 000,154,321 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.25 10:45:14 | 000,177,416 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.25 10:18:26 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010.02.25 10:18:21 | 000,018,432 | ---- | M] () -- C:\U.exe
[2010.02.24 18:02:02 | 000,680,901 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:26 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn in oslo.doc
[2010.02.05 23:32:40 | 000,414,020 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tharkitekter.gif
[2010.02.05 21:22:37 | 000,504,454 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 3.jpg
[2010.02.05 21:00:47 | 000,537,776 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 2.jpg
[2010.02.05 20:42:30 | 000,722,897 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter.jpg
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.26 16:47:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010.02.26 16:47:22 | 000,041,984 | -H-- | C] () -- C:\WINDOWS\System32\wexe.exe
[2010.02.26 16:47:20 | 000,006,863 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT
[2010.02.26 16:47:19 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\0035.DLL
[2010.02.26 12:54:46 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.25 16:43:28 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
[2010.02.25 16:43:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
[2010.02.25 16:43:28 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk
[2010.02.25 16:39:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.02.25 16:39:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.02.25 12:28:55 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:28:32 | 000,154,321 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.25 10:31:16 | 000,007,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010.02.25 10:18:26 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010.02.25 10:18:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Application Data\34.exe
[2010.02.25 10:18:21 | 000,018,432 | ---- | C] () -- C:\U.exe
[2010.02.24 18:02:01 | 000,680,901 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:25 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn in oslo.doc
[2010.02.05 23:32:40 | 000,414,020 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\tharkitekter.gif
[2010.02.05 21:22:34 | 000,504,454 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 3.jpg
[2010.02.05 21:00:44 | 000,537,776 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 2.jpg
[2010.02.05 15:00:44 | 000,722,897 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter.jpg
[2010.01.28 16:30:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\Mozilla Firefox.lnk
[2010.01.04 16:51:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.12.13 18:03:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009.09.19 18:34:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.09.19 18:11:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009.02.01 10:41:19 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008.08.05 07:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2007.08.20 21:47:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.08.20 21:47:06 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.08.20 21:46:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.08.20 21:46:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.08.20 21:46:33 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.08.20 21:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007.08.20 21:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007.08.20 21:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007.05.10 10:56:05 | 000,000,407 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.02.28 12:29:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007.02.26 10:54:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.16 14:56:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SfClientDLL.dll
[2006.11.16 14:56:19 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Iordy.dll
[2006.11.16 14:55:01 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006.11.16 14:55:01 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006.10.28 17:19:28 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.28 17:04:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.20 19:18:45 | 000,000,260 | ---- | C] () -- C:\WINDOWS\PlotFlow.INI
[2006.10.17 17:58:17 | 096,865,977 | ---- | C] () -- C:\Program Files\OOo_2.0.4_Win32Intel_install.exe
[2006.10.17 11:54:13 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\fusioncache.dat
[2006.07.27 18:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.04.21 00:14:03 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.21 00:07:35 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005.12.02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.07 14:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 14:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.01.13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010.02.25 10:18:21 | 000,018,432 | ---- | M] () -- C:\U.exe


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.03.31 16:34:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[51 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >




#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 February 2010 - 10:23 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    PRC - [2010.02.25 10:18:29 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe
    MOD - [2010.02.25 10:18:25 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\68633.dll
    O2 - BHO: (ClueIEAddin) - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [eventcreatexp.exe] C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [Paladin Antivirus] C:\Program Files\Paladin Antivirus\pav.exe ()
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\system32\0035.DLL ()
    [2010.02.25 11:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paladin Antivirus
    [51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2010.02.26 16:52:27 | 000,007,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
    [2010.02.26 16:47:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
    [2010.02.26 16:47:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010.02.26 16:47:22 | 000,041,984 | -H-- | M] () -- C:\WINDOWS\System32\wexe.exe
    [2010.02.26 16:47:22 | 000,006,863 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT
    [2010.02.26 16:47:20 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\0035.DLL
    [2010.02.25 16:43:28 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
    [2010.02.25 16:43:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
    [2010.02.25 16:43:28 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk
    [2010.02.25 10:31:16 | 000,007,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
    [2010.02.25 10:18:26 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
    [2010.02.25 10:18:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Application Data\34.exe
    [2010.02.25 10:18:21 | 000,018,432 | ---- | C] () -- C:\U.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



=======================


Please download RKill from one of these links. Save it to your desktop and run it.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif



Now open Malwarebytes, update the program, and run a scan.
Please include the log from Malwarebytes in your next reply with your OTL log.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
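The triage Sam is doing by eye on the OTL lines above (autostart entries that point into Temp or Application Data, binaries OTL prints with an empty "()" company name, an orphaned Run value, an AppInit_DLLs entry) can be scripted so that a long log is reduced to the handful of lines worth a second look. The following is an added example written for this thread, not a tool from BleepingComputer or from OldTimer's OTL; the function names and the heuristics are my own, and the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines copied from the OTL logs posted in this thread,
# mixing legitimate ATI/Java autostarts with the rogue "Paladin Antivirus" items.
SAMPLE_LOG = r"""
PRC - [2010.02.25 10:18:29 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKCU..\Run: [Win32load] C:\Documents and Settings\Steinhogger\Application Data\34.exe File not found
O4 - HKU\S-1-5-21-3375751953-474267554-416395410-1006..\Run: [Paladin Antivirus] C:\Program Files\Paladin Antivirus\pav.exe ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\system32\0035.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
"""

# A Windows path ending in an executable extension, as OTL prints it.
# Parentheses and '=' are excluded so the match cannot run across OTL's
# "(Publisher)" suffix or the "shortcut.lnk = target.exe" form of O4 Startup lines.
PATH_RE = re.compile(r"([A-Za-z]:\\[^()=\r\n]*?\.(?:exe|dll|sys|com|scr|pif|cpl))\b",
                     re.IGNORECASE)
# OTL appends "(Company Name)" taken from the file's version resource; "()" means none.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")

# Directories any user can write to; a legitimate autostart rarely points here.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\windows\\temp\\")


@dataclass
class Finding:
    kind: str                   # OTL line type: PRC, MOD, O4, O20, ...
    path: str
    publisher: Optional[str]    # None when OTL reported "File not found"
    raw: str
    reasons: List[str] = field(default_factory=list)


def extract_publisher(line: str) -> Optional[str]:
    """Company name OTL printed for the entry, '' if it printed '()', None if the file is gone."""
    if "File not found" in line:
        return None
    # PRC/MOD/SRV/DRV lines put the publisher before " -- path"; O-lines put it after the path.
    head = line.split(" -- ", 1)[0]
    m = PUBLISHER_RE.search(head)
    return m.group(1).strip() if m else ""


def parse_line(line: str) -> Optional[Finding]:
    """Turn one OTL entry into a Finding, or None for lines with no executable path."""
    line = line.strip()
    paths = PATH_RE.findall(line)
    if not line or not paths:
        return None
    kind = line.split(" ", 1)[0]
    # O20 AppInit_DLLs lines print the path twice; the last match is the file itself.
    return Finding(kind, paths[-1], extract_publisher(line), line)


def triage(f: Finding) -> List[str]:
    """Heuristic reasons (my own, not OTL's) why a human should look at this entry."""
    reasons = []
    low = f.path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if f.publisher is None:
        reasons.append("orphaned autostart: the registry points at a file that no longer exists")
    elif f.publisher == "":
        reasons.append("no company name in the file's version resource")
    # The company name is self-reported by the file, so a Temp-dir binary claiming
    # "Microsoft Corporation" is still flagged on location alone.
    if any(d in low for d in USER_WRITABLE):
        reasons.append("binary lives in a user-writable profile directory")
    if f.kind == "O20" and "appinit_dlls" in f.raw.lower():
        reasons.append("AppInit_DLLs value: Windows loads this DLL into every process that maps user32.dll")
    if stem.isdigit():
        reasons.append("file name is digits only")
    return reasons


def suspicious_entries(log_text: str) -> List[Finding]:
    """Parse an OTL log and return only the entries that tripped at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        f.reasons = triage(f)
        if f.reasons:
            flagged.append(f)
    return flagged


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_LOG):
        print(f"{f.kind:4} {f.path}")
        for r in f.reasons:
            print(f"       - {r}")
```

Run against the sample, the two vendor entries (ATI, Sun) pass clean and the four items Sam put in the fix script come back flagged, with eventcreatexp.exe caught purely because it runs from the user's Temp folder: the "Microsoft Corporation" string OTL shows for it comes from the file's own version resource, which any author can set, so location is the stronger signal than the claimed publisher.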


========================================================

#5 reallyticked

reallyticked
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:57 AM

Posted 27 February 2010 - 06:22 PM

Hi Sam. After the reboot, a log came up automatically. This is it:
All processes killed
========== OTL ==========
No active process named eventcreatexp.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c14aa221-bae1-45f6-b0b3-90c23f2daa7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c14aa221-bae1-45f6-b0b3-90c23f2daa7d}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3375751953-474267554-416395410-1006\Software\Microsoft\Windows\CurrentVersion\Run\\eventcreatexp.exe deleted successfully.
C:\Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3375751953-474267554-416395410-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Paladin Antivirus deleted successfully.
C:\Program Files\Paladin Antivirus\pav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\0035.DLL deleted successfully.
C:\WINDOWS\system32\0035.DLL moved successfully.
C:\Program Files\Paladin Antivirus folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET11B.tmp deleted successfully.
C:\WINDOWS\System32\SET11C.tmp deleted successfully.
C:\WINDOWS\System32\SET11D.tmp deleted successfully.
C:\WINDOWS\System32\SET11E.tmp deleted successfully.
C:\WINDOWS\System32\SET120.tmp deleted successfully.
C:\WINDOWS\System32\SET122.tmp deleted successfully.
C:\WINDOWS\System32\SET123.tmp deleted successfully.
C:\WINDOWS\System32\SET125.tmp deleted successfully.
C:\WINDOWS\System32\SET126.tmp deleted successfully.
C:\WINDOWS\System32\SET13E.tmp deleted successfully.
C:\WINDOWS\System32\SET13F.tmp deleted successfully.
C:\WINDOWS\System32\SET141.tmp deleted successfully.
C:\WINDOWS\System32\SET142.tmp deleted successfully.
C:\WINDOWS\System32\SET144.tmp deleted successfully.
C:\WINDOWS\System32\SET146.tmp deleted successfully.
C:\WINDOWS\System32\SET147.tmp deleted successfully.
C:\WINDOWS\System32\SET148.tmp deleted successfully.
C:\WINDOWS\System32\SET149.tmp deleted successfully.
C:\WINDOWS\System32\SET158.tmp deleted successfully.
C:\WINDOWS\System32\SET159.tmp deleted successfully.
C:\WINDOWS\System32\SET15A.tmp deleted successfully.
C:\WINDOWS\System32\SET15B.tmp deleted successfully.
C:\WINDOWS\System32\SET160.tmp deleted successfully.
C:\WINDOWS\System32\SET168.tmp deleted successfully.
C:\WINDOWS\System32\SET16A.tmp deleted successfully.
C:\WINDOWS\System32\SET194.tmp deleted successfully.
C:\WINDOWS\System32\SET19D.tmp deleted successfully.
C:\WINDOWS\System32\SET1A2.tmp deleted successfully.
C:\WINDOWS\System32\SET1A3.tmp deleted successfully.
C:\WINDOWS\System32\SET1A4.tmp deleted successfully.
C:\WINDOWS\System32\SET1A5.tmp deleted successfully.
C:\WINDOWS\System32\SET1A6.tmp deleted successfully.
C:\WINDOWS\System32\SET1A9.tmp deleted successfully.
C:\WINDOWS\System32\SET1AB.tmp deleted successfully.
C:\WINDOWS\System32\SET1AD.tmp deleted successfully.
C:\WINDOWS\System32\SET1B1.tmp deleted successfully.
C:\WINDOWS\System32\SET1B3.tmp deleted successfully.
C:\WINDOWS\System32\SET1B6.tmp deleted successfully.
C:\WINDOWS\System32\SET1C3.tmp deleted successfully.
C:\WINDOWS\System32\SET1C6.tmp deleted successfully.
C:\WINDOWS\System32\SET1C8.tmp deleted successfully.
C:\WINDOWS\System32\SET1CD.tmp deleted successfully.
C:\WINDOWS\System32\SET1E4.tmp deleted successfully.
C:\WINDOWS\System32\SET1E7.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE.tmp deleted successfully.
C:\WINDOWS\System32\SET203.tmp deleted successfully.
C:\WINDOWS\System32\SET205.tmp deleted successfully.
C:\WINDOWS\System32\SET208.tmp deleted successfully.
C:\WINDOWS\System32\SET20A.tmp deleted successfully.
C:\WINDOWS\System32\SET20C.tmp deleted successfully.
C:\WINDOWS\002710_.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll moved successfully.
C:\WINDOWS\system32\wupd.dat moved successfully.
C:\WINDOWS\system32\wpa.dbl moved successfully.
C:\WINDOWS\system32\wexe.exe moved successfully.
C:\WINDOWS\system32\WORK.DAT moved successfully.
File C:\WINDOWS\System32\0035.DLL not found.
File C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk not found.
File C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk not found.
File C:\Documents and Settings\All Users\Desktop\youporn.com.lnk not found.
File C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll not found.
C:\Documents and Settings\All Users\Application Data\mswintmp.dat moved successfully.
C:\Documents and Settings\Steinhogger\Application Data\34.exe moved successfully.
C:\U.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1602442 bytes

User: Steinhogger
->Temp folder emptied: 103439913 bytes
->Temporary Internet Files folder emptied: 810664703 bytes
->Java cache emptied: 94193436 bytes
->FireFox cache emptied: 52671216 bytes
->Google Chrome cache emptied: 5050736 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94794643 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23918640 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 131,00 mb


OTL by OldTimer - Version 3.1.30.2 log created on 02272010_234327

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


HERE IS THE LOG FROM THE OTL SCAN DONE IMMEDIATELY AFTERWARDS:

OTL logfile created on: 27.02.2010 23:50:29 - Run 2
OTL by OldTimer - Version 3.1.30.2     Folder = C:\Documents and Settings\Steinhogger\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,68 Gb Total Space | 41,99 Gb Free Space | 62,97% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 56,61 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 1,33 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC133312821021
Current User Name: Steinhogger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
PRC - [2009.12.18 14:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.10.11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.10.09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.23 07:10:12 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 07:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.23 18:56:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006.09.01 15:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005.12.22 08:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005.12.13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005.12.12 11:39:52 | 000,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005.12.08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005.11.10 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.09.24 00:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005.06.19 21:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.02.27 12:39:06 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.10 09:46:58 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010.02.25 10:22:02 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.14 01:49:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.07.18 11:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2008.07.18 11:00:00 | 000,016,384 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wibukey2.sys -- (Wibukey2)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.11.13 11:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006.11.15 10:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005.11.28 10:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.11.10 23:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.30 12:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.09.20 11:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.22 10:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005.08.22 10:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.08.22 10:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005.08.18 09:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.02 11:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005.08.02 10:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005.06.19 21:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.05.05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.05.05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.03.09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.04 09:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004.03.17 05:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002.11.28 18:33:20 | 000,093,962 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM302.sys -- (ZSMC302)
DRV - [2002.05.14 12:05:08 | 000,022,571 | ---- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001.08.17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.no/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nrk.no"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nb-NO@dictionaries.addons.mozilla.org:2.0.10.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 19:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.18 19:43:47 | 000,000,000 | ---D | M]

[2008.09.15 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Extensions
[2010.02.24 18:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions
[2009.06.05 07:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
[2009.10.30 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2009.10.30 07:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2007.10.19 17:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.01.22 19:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2010.02.24 18:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.15 22:08:16 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.01.15 22:08:16 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010.01.15 22:08:16 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010.01.15 22:08:16 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Win32load] C:\Documents and Settings\Steinhogger\Application Data\34.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\System32\0035.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 14:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 06:01:14 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2006.11.28 16:20:46 | 000,000,090 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell - "" = AutoRun
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.27 23:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.02.27 12:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Temp
[2010.02.26 16:51:57 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 12:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.02.25 12:49:20 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:31:12 | 000,177,416 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.25 12:28:44 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup.exe
[2010.02.25 11:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\My Documents\backup 25022010
[2010.02.25 10:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010.02.17 07:50:28 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.02.17 07:50:28 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.02.16 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.02.08 17:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_08
[2010.02.08 17:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_03
[2010.02.08 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_01_30
[2010.01.10 15:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.01.05 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008.03.24 08:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006.11.05 18:30:19 | 006,334,888 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 1.5.0.7.exe
[2006.10.27 16:56:11 | 032,667,496 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\SketchUpW5.0.260.01QEA.exe
[2005.09.24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010.02.27 23:46:49 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\rkill.exe
[2010.02.27 23:45:57 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.27 23:45:36 | 000,001,718 | -HS- | M] () -- C:\hpqp.ini
[2010.02.27 23:45:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.27 23:45:36 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2010.02.27 23:45:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.27 23:45:27 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.27 23:45:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.27 23:45:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.27 23:45:17 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.27 23:44:28 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Steinhogger\NTUSER.DAT
[2010.02.27 23:44:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steinhogger\ntuser.ini
[2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 12:54:46 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.26 09:29:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.02.25 16:39:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.02.25 13:55:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.25 12:49:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:22:18 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup.exe
[2010.02.25 12:16:00 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:08:42 | 000,154,321 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.25 10:45:14 | 000,177,416 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.24 18:02:02 | 000,680,901 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:26 | 000,058,368 | ---- | M] () -- C:\Documents and Settings..


I downloaded a new version of Malwarebytes and installed it. I could not then get it to open though. Any thoughts on that? I can't send you the log for Malwarebytes, but I did copy the little log for the Rkill. If it helps, it's here:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Steinhogger on 27.02.2010 at 23:56:15.


Processes terminated by Rkill or while it was running:


C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Steinhogger\Desktop\rkill.exe


Rkill completed on 27.02.2010  at 23:56:18.


I just rebooted after not being able to start Malwarebytes. I still can't start Malwarebytes unfortunately.

Thanks again for your help, Sam.

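Added here as an illustration, not part of this thread and not code from OTL or its author: a small Python triage script that reads OTL "O" lines like the ones in the log above and flags the entries a helper looks at first: an AppInit_DLLs value, an autostart pointing at a file that no longer exists, an autorun.inf on a mounted volume, and a non-default exefile/comfile handler. The sample lines are constructed from entries in this log; the severities and the allowlisted BootExecute default are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: OTL "O" lines modelled on entries from the log above
# (the 0035.DLL AppInit_DLLs entry, the U3 MountPoints2 leftover, the
# autorun.inf on the FAT32 drive, and the stock Winlogon/BootExecute/exefile values).
SAMPLE_OTL = r"""
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\System32\0035.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.28 16:20:46 | 000,000,090 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{feb4440a-8338-11dc-a01d-0014a5b530ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
"""

# Shape of one OTL "O" line: "O20 - <description>"
OLINE = re.compile(r"^(O\d{2}) - (.*)$")
# OTL prints the embedded company name in parentheses; "()" means there is none.
NO_PUBLISHER = re.compile(r"\(\)(?:\s|$)")
# Stock shell handler for .exe/.com files; anything else is an association hijack.
EXEFILE_DEFAULT = '"%1" %*'
# Stock XP BootExecute value (assumption: allowlisted as-is, ignoring OTL's
# "File not found" suffix for the bare "autochk" name).
BOOTEXECUTE_DEFAULT = "(autocheck autochk *)"
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    code: str      # OTL section code, e.g. "O20"
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify a single OTL 'O' line; returns None for lines that need no attention."""
    m = OLINE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith("File not found")

    if code == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is normally empty; every DLL listed is loaded into each
        # process that links user32.dll, a classic persistence location.
        return Finding("high", code, "AppInit_DLLs entry (loaded into every GUI process)", line)
    if code == "O35":
        _, _, handler = body.partition(" -- ")
        if handler.strip() != EXEFILE_DEFAULT:
            return Finding("high", code, "exe/com file association hijacked", line)
        return None
    if code == "O34" and BOOTEXECUTE_DEFAULT in body:
        return None
    if missing:
        # Dangling autostart: either leftover of removed malware or of an uninstalled tool.
        return Finding("medium", code, "autostart points at a file that no longer exists", line)
    if code == "O32" and "AutoRun File" in body:
        # autorun.inf on a mounted volume is the spreading mechanism of many USB worms.
        return Finding("medium", code, "autorun file present on a mounted volume", line)
    if NO_PUBLISHER.search(body):
        return Finding("low", code, "autostart binary carries no publisher name", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over a whole log; highest severity first, log order otherwise."""
    findings = [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
```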

#6 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 February 2010 - 11:51 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 reallyticked
  • Topic Starter
  • Members
  • 9 posts

Posted 01 March 2010 - 04:01 AM

Hi Sam. Thanks for your feedback. I have followed the first of the steps you last gave me but unfortunately I cannot run ComboFix. When I double click on the icon on the desktop absolutely nothing seems to happen.

Sorry to be a pain. Am I missing something very basic? Is there another way to start programs in this situation? I'm not used to using PCs (I use a Mac and it's my partner's computer that is infected).

Cheers
Heather



#8 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 March 2010 - 08:14 AM

You're not doing anything wrong. Sometimes malware will try to stop it from running. Let's try to work around it.

Delete combofix.exe that you have now.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



========================================================

#9 reallyticked
  • Topic Starter
  • Members
  • 9 posts

Posted 01 March 2010 - 09:36 AM

Hi Sam. Thanks for that tip. I had been worried about doing anything differently from the instructions, given that big red warning. But, it seems as though ComboFix ran and the only really strange thing happened at the very end when it displayed the log. It was as if Notepad was possessed. It kept scrolling lengthwise across the page, and when I tried to stop it, it wouldn't let me exit. I eventually had to End Task using Ctrl + Alt + Del. It was quite scary because the whole screen (and the desktop behind it) was flickering until I managed to shut the Notepad down. I think it would still be doing it if I hadn't stopped it.

So, here is the log from the location you specified (c:\combofix.txt) . I have decided to attach it instead of paste it into this post, simply because I don't want to risk this freaky Notepad thing happening again.

On the bright side, we seem to be getting somewhere. Before I installed and ran ComboFix today we had experienced almost no pop-ups, so the computer is actually functioning almost as normal. I realise there are still steps to go through to complete the process and to make sure it doesn't happen again, but at least there is progress. Thank you!

Cheers!
Heather


ComboFix 10-02-28.04 - Steinhogger 01.03.2010 15:09:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1033.18.2046.1683 [GMT 1:00]
Running from: c:\documents and settings\Steinhogger\My Documents\Downloads\Combo-Fix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\_VOIDmainqt.dll
C:\LOG.TXT
c:\windows\AUTOLNCH.REG
c:\windows\system32\_000004_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_VOIDdwqbnexvrj.dat
c:\windows\system32\_VOIDiomabimeur.dll
c:\windows\system32\_VOIDkwbppqxxng.dll
c:\windows\system32\_VOIDtoqvdymitk.dll
c:\windows\system32\drivers\_VOIDwwosnbgope.sys
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\vb40032.dll
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service__VOIDd.sys
-------\Legacy__VOIDd.sys


((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-27 23:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 23:02 . 2010-02-27 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-27 23:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 23:02 . 2010-02-27 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 22:42 . 2010-02-27 22:42 -------- d-----w- C:\_OTL
2010-02-27 11:44 . 2010-02-27 11:44 -------- d-----w- c:\documents and settings\Steinhogger\Local Settings\Application Data\Temp
2010-02-26 11:54 . 2010-02-26 11:54 -------- d-----w- c:\program files\Trend Micro
2010-02-17 06:50 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:50 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-16 07:58 . 2010-02-16 07:58 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 13:48 . 2006-11-13 17:41 -------- d-----w- c:\documents and settings\Steinhogger\Application Data\Skype
2010-03-01 13:24 . 2006-11-05 17:32 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-01 11:38 . 2009-09-09 08:58 1 ----a-w- c:\documents and settings\Steinhogger\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-01 08:32 . 2009-08-19 04:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-28 21:57 . 2010-01-05 15:49 -------- d-----w- c:\documents and settings\Steinhogger\Application Data\skypePM
2010-02-28 10:23 . 2009-07-10 09:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-27 11:39 . 2006-04-20 23:32 -------- d-----w- c:\program files\Google
2010-02-25 09:46 . 2009-06-05 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-25 09:45 . 2010-01-04 16:07 -------- d-----w- c:\documents and settings\Steinhogger\Application Data\uTorrent
2010-02-08 16:19 . 2007-12-05 16:49 -------- d-----w- c:\documents and settings\Steinhogger\Application Data\ZoomBrowser EX
2010-02-08 16:19 . 2007-12-05 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-01-05 15:50 . 2006-10-28 16:29 -------- d-----w- c:\program files\DivX
2010-01-05 15:50 . 2010-01-05 15:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-05 15:49 . 2010-01-05 15:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-05 15:48 . 2010-01-05 15:48 -------- d-----r- c:\program files\Skype
2010-01-05 15:48 . 2010-01-05 15:48 -------- d-----w- c:\program files\Common Files\Skype
2010-01-05 15:48 . 2010-01-04 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-05 10:00 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-04 15:51 . 2010-01-04 15:51 -------- d-----w- c:\documents and settings\Steinhogger\Application Data\Canneverbe_Limited
2010-01-04 15:51 . 2010-01-04 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-01-04 15:51 . 2010-01-04 15:51 -------- d-----w- c:\program files\CDBurnerXP
2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2004-08-04 08:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 08:02 . 2009-12-13 08:02 152576 ----a-w- c:\documents and settings\Steinhogger\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-13 08:01 . 2009-11-11 16:35 79488 ----a-w- c:\documents and settings\Steinhogger\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-08 19:27 . 2004-08-04 08:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 08:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-11-05 17:30 . 2006-11-05 17:30 6334888 -c--a-w- c:\program files\Thunderbird Setup 1.5.0.7.exe
2006-10-27 15:56 . 2006-10-27 15:56 32667496 -c--a-w- c:\program files\SketchUpW5.0.260.01QEA.exe
2006-10-17 16:59 . 2006-10-17 16:58 96865977 -c--a-w- c:\program files\OOo_2.0.4_Win32Intel_install.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-28 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-17 05:06 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-25 09:22 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.06.2009 10:01 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.06.2009 10:01 66632]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22.08.2005 10:06 231424]
R3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [11.11.2008 19:45 16384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.02.2010 12:39 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.06.2009 10:01 12872]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;c:\windows\system32\drivers\UsbMicfilt.sys [13.12.2009 18:03 22571]
S3 ZSMC302;PCL-W310;c:\windows\system32\drivers\usbVM302.sys [20.11.2007 12:50 93962]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 11:39]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 11:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dn.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {033FBDAE-6AA9-4B6D-B907-EBBC983E68D9} = 4.2.2.2
FF - ProfilePath - c:\documents and settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nrk.no
FF - plugin: c:\documents and settings\Steinhogger\Local Settings\Application Data\myVRnpapi\npmyvr-1.00700.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Paladin Antivirus - c:\program files\Paladin Antivirus\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????+?n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-01 15:18:05
ComboFix-quarantined-files.txt 2010-03-01 14:17

Pre-Run: 44 969 066 496 bytes free
Post-Run: 44 927 635 456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8BC2144A0FAD9FDE48647AECCA870211


Edited by Buckeye_Sam, 01 March 2010 - 04:23 PM.


#10 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 March 2010 - 04:31 PM

That's unusual behavior from notepad. Let's check something.

Click Start -> Run -> notepad

Does it open as it should? Any craziness like before?


Combofix removed a rootkit that was likely blocking Malwarebytes, so let's try it again.

Open Malwarebytes. Update it first and then run a scan.
Post back with the resulting log.


========================================================

#11 reallyticked
  • Topic Starter
  • Members
  • 9 posts

Posted 02 March 2010 - 08:08 AM

Hi again Sam.

Well, Notepad seems to be fine today, luckily. I opened it and created a test file, saved it and it worked with no problems.

Also great is that MalwareBytes installed, updated and ran. I ran a complete scan instead of a brief one and afterwards I removed the infected files. There were 26 of them. Here is the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

02.03.2010 14:03:43
mbam-log-2010-03-02 (14-03-43).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 260742
Time elapsed: 57 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Steinhogger\Start Menu\Programs\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Steinhogger\Local Settings\Application Data\myVRmfcax\htmlayout.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDiomabimeur.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDkwbppqxxng.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDtoqvdymitk.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_VOIDwwosnbgope.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1068\A0074549.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1068\A0074550.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1068\A0074551.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1068\A0074552.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_\U.exe (Trojan.Small) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_Documents and Settings\Steinhogger\Application Data\34.exe (Trojan.Small) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_Documents and Settings\Steinhogger\Local Settings\Temp\eventcreatexp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_Program Files\Paladin Antivirus\pav.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_Program Files\Paladin Antivirus\pavext.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_Program Files\Paladin Antivirus\phook.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_Program Files\Paladin Antivirus\uninstall.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_WINDOWS\system32\0035.DLL (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272010_234327\C_WINDOWS\system32\wexe.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinhogger\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus Support.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinhogger\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinhogger\Start Menu\Programs\Paladin Antivirus\Uninstall Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinhogger\Application Data\Microsoft\Internet Explorer\Quick Launch\Paladin Antivirus.lnk (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

#12 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 March 2010 - 08:17 AM

How is your computer behaving now? Any problems?

Please post a new OTL log for me so I can give it one last review.


========================================================

#13 reallyticked
  • Topic Starter
  • Members
  • 9 posts

Posted 02 March 2010 - 11:46 AM

Hi Sam. The computer is behaving quite normally now. The only thing that was weird today happened after I installed MalwareBytes. I got a strange message about a program that wanted to install itself. It is a program called SPSS, which is a statistics program I haven't used for over two years. I looked on the control panel and saw that it was still installed, and removed it using Add and Remove programs. It hasn't reappeared since then.

But other than that, things seem to be back to normal, thanks to you. Here is the OTL log:

OTL logfile created on: 02.03.2010 16:47:59 - Run 3
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Steinhogger\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,68 Gb Total Space | 41,91 Gb Free Space | 62,86% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 56,61 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 1,33 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149,05 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: PC133312821021
Current User Name: Steinhogger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
PRC - [2009.10.11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.10.09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.23 07:10:12 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 07:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.14 01:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.23 18:56:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006.09.01 15:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005.12.22 08:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005.12.13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005.12.12 11:39:52 | 000,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005.12.08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005.11.10 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.09.24 00:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005.06.19 21:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.02.27 12:39:06 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.10 09:46:58 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005.12.22 00:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.10 23:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010.02.25 10:22:02 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.02.25 10:22:02 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.14 01:49:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.07.18 11:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2008.07.18 11:00:00 | 000,016,384 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wibukey2.sys -- (Wibukey2)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.11.13 11:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006.11.15 10:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005.11.28 10:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.11.10 23:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.30 12:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.09.20 11:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.22 10:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005.08.22 10:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.08.22 10:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005.08.18 09:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.02 11:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005.08.02 10:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005.06.19 21:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.05.05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.05.05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.03.09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.04 09:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004.03.17 05:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002.11.28 18:33:20 | 000,093,962 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM302.sys -- (ZSMC302)
DRV - [2002.05.14 12:05:08 | 000,022,571 | ---- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001.08.17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.no/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nrk.no"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nb-NO@dictionaries.addons.mozilla.org:2.0.10.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 19:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.18 19:43:47 | 000,000,000 | ---D | M]

[2008.09.15 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Extensions
[2010.03.01 10:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions
[2009.06.05 07:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
[2009.10.30 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2009.10.30 07:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2007.10.19 17:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.01.22 19:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steinhogger\Application Data\Mozilla\Firefox\Profiles\ph94gefn.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2010.03.01 10:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.15 22:08:16 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.01.15 22:08:16 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010.01.15 22:08:16 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010.01.15 22:08:16 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Steinhogger\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 14:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 06:01:14 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.02 12:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Application Data\Malwarebytes
[2010.03.01 15:02:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.01 15:00:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.03.01 15:00:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.03.01 15:00:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.03.01 15:00:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.03.01 15:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.01 14:58:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.01 14:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\My Documents\Downloads
[2010.03.01 09:43:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.02.28 00:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\MONTESSOURI
[2010.02.28 00:02:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.02.28 00:02:57 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.02.28 00:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.02.28 00:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.02.28 00:01:29 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup1.exe
[2010.02.27 23:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.02.27 12:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\Temp
[2010.02.26 16:51:57 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 12:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.02.25 12:49:20 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:31:12 | 000,177,416 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.25 11:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\My Documents\backup 25022010
[2010.02.25 10:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010.02.25 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010.02.17 07:50:28 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.02.17 07:50:28 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.02.16 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.02.08 17:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_08
[2010.02.08 17:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_02_03
[2010.02.08 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steinhogger\Desktop\2010_01_30
[2010.01.10 15:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.01.05 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008.03.24 08:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006.11.05 18:30:19 | 006,334,888 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 1.5.0.7.exe
[2006.10.27 16:56:11 | 032,667,496 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\SketchUpW5.0.260.01QEA.exe
[2005.09.24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010.03.02 16:49:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.02 14:06:32 | 000,082,480 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.03.02 14:06:30 | 000,001,718 | -HS- | M] () -- C:\hpqp.ini
[2010.03.02 14:06:28 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.02 14:06:28 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2010.03.02 14:06:20 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.02 14:06:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.02 14:06:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.02 14:06:02 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.02 14:06:01 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.02 14:04:59 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Steinhogger\NTUSER.DAT
[2010.03.02 14:04:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steinhogger\ntuser.ini
[2010.03.01 15:16:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.01 15:02:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.01 14:58:23 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\Shortcut to Combo-Fix.lnk
[2010.03.01 09:48:46 | 000,000,749 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.01 09:48:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.03.01 09:32:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.28 00:01:34 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steinhogger\Desktop\mbam-setup1.exe
[2010.02.27 23:46:49 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\rkill.exe
[2010.02.26 16:51:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steinhogger\Desktop\OTL.exe
[2010.02.26 12:54:46 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.25 13:55:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.25 12:49:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:16:00 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:08:42 | 000,154,321 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.25 10:45:14 | 000,177,416 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.02.24 18:02:02 | 000,680,901 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:26 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn in oslo.doc
[2010.02.05 23:32:40 | 000,414,020 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\tharkitekter.gif
[2010.02.05 21:22:37 | 000,504,454 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 3.jpg
[2010.02.05 21:00:47 | 000,537,776 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 2.jpg
[2010.02.05 20:42:30 | 000,722,897 | ---- | M] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter.jpg

========== Files Created - No Company Name ==========

[2010.03.01 15:02:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.01 15:02:22 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010.03.01 15:00:56 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.01 15:00:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.01 15:00:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.01 15:00:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.01 15:00:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.01 14:58:23 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\Shortcut to Combo-Fix.lnk
[2010.02.27 23:46:48 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\rkill.exe
[2010.02.27 23:45:25 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.27 12:39:09 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.27 12:39:08 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.26 12:54:46 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\HijackThis.lnk
[2010.02.25 12:28:55 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\avenger.zip
[2010.02.25 12:28:32 | 000,154,321 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\tdsskiller.zip
[2010.02.24 18:02:01 | 000,680,901 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn address.pdf
[2010.02.24 17:58:25 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\ved ovn in oslo.doc
[2010.02.05 23:32:40 | 000,414,020 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\tharkitekter.gif
[2010.02.05 21:22:34 | 000,504,454 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 3.jpg
[2010.02.05 21:00:44 | 000,537,776 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter 2.jpg
[2010.02.05 15:00:44 | 000,722,897 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\th arkitekter.jpg
[2010.01.04 16:51:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.12.13 18:03:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009.09.19 18:34:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.09.19 18:11:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009.02.01 10:41:19 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008.08.05 07:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2007.08.20 21:47:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.08.20 21:47:06 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.08.20 21:46:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.08.20 21:46:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.08.20 21:46:33 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.05.10 10:56:05 | 000,000,407 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.02.28 12:29:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007.02.26 10:54:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.16 14:56:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SfClientDLL.dll
[2006.11.16 14:56:19 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Iordy.dll
[2006.11.16 14:55:01 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006.11.16 14:55:01 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006.10.28 17:19:28 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.28 17:04:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.20 19:18:45 | 000,000,260 | ---- | C] () -- C:\WINDOWS\PlotFlow.INI
[2006.10.17 17:58:17 | 096,865,977 | ---- | C] () -- C:\Program Files\OOo_2.0.4_Win32Intel_install.exe
[2006.10.17 11:54:13 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Local Settings\Application Data\fusioncache.dat
[2006.07.27 18:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.04.21 00:14:03 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.21 00:07:35 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005.12.02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.07 14:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 14:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.01.13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
< End of report >


#14 Buckeye_Sam
    Malware Expert

Posted 03 March 2010 - 08:19 AM

Can you tell what these two files are on your desktop?

[2010.02.25 12:49:20 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:31:12 | 000,177,416 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 reallyticked

  • Topic Starter

Posted 03 March 2010 - 10:05 AM

Hi Sam. Those files are ok. They were attempts by me to rename software that I was trying to get to run last week, after this whole problem started. I changed the names on them in order to see if they would open.
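As an added example (not code from this thread, from OTL, or from BleepingComputer), a small Python triage helper that parses OTL "Files Created" lines in the layout shown above and flags doubled executable extensions under a user profile, the pattern Sam spotted by eye. The function and constant names are mine; the embedded log excerpt is constructed from lines that appear in this thread.

```python
import re
from collections import namedtuple
from typing import List, Optional

# OTL "Files Created" line layout, as seen in the log above:
# [date time | size | attrs | C or M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# kind: C = created, M = modified; company is "" when OTL found no version info
OtlEntry = namedtuple("OtlEntry", "date time size attrs kind company path")
EXEC_EXT = {"exe", "com", "scr", "pif", "bat", "cmd"}
USER_PROFILES = "c:\\documents and settings\\"   # XP-era profile root, as in the log

def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line, None for headers and footers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["date"], m["time"], int(m["size"].replace(",", "")),
                    m["attrs"], m["kind"], m["company"], m["path"])

def double_extension(path: str) -> bool:
    """True when the last two suffixes are both executable, e.g. th.exe.exe."""
    parts = path.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in EXEC_EXT

def suspicious_entries(log_text: str) -> List[OtlEntry]:
    """Entries with a doubled executable extension under a user profile.
    A known vendor name is usually a manual rename (as the poster explained);
    an empty company name is the entry to examine first."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and double_extension(entry.path) \
                and entry.path.lower().startswith(USER_PROFILES):
            hits.append(entry)
    return hits

# Constructed excerpt made of lines that appear in this thread's log.
SAMPLE_LOG = r"""
[2010.02.27 23:46:48 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Steinhogger\Desktop\rkill.exe
[2010.02.25 12:49:20 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steinhogger\Desktop\explore.exe.exe
[2010.02.25 12:31:12 | 000,177,416 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steinhogger\Desktop\th.exe.exe
[2010.03.01 15:00:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
< End of report >
"""
```

`suspicious_entries(SAMPLE_LOG)` returns only the two renamed tools; rkill.exe (single extension) and MBR.exe (outside the profile) are not flagged, and the vendor names tell you they are the user's renamed HijackThis and TDSSKiller rather than something to delete.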
