Chinese virus at bottom left corner of screen


  • This topic is locked
19 replies to this topic

#1 ponkis2k

  • Members
  • 7 posts

Posted 15 March 2010 - 02:00 PM

Hi, all of a sudden an Asian-looking commercial is showing at the bottom left of the screen, showing ads for furniture and houses (see attached image). Does anyone recognize this and know how to remove it?

Here is my HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:32:32, on 15.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Henrik\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PPLive\PPVA\PPLiveVA.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe
C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Henrik\Programmer\Logitech\SetPoint\LU\LULnchr.exe
C:\Henrik\Programmer\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqbam08.exe
C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
C:\Henrik\Programmer\Antivirus\Avast2\avastUI.exe
C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Henrik\Programmer\Antivirus\Windows Malicious Software\windows-kb890830-v2.8.exe
c:\68db6e593227ada182\mrtstub.exe
C:\Henrik\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Henrik\Programmer\Antivirus\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bibelen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Henrik\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\Henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Henrik\Programmer\Daemon Tools\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] C:\Programfiler\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.neopets.com/games/dgs/dgs_launch_game.phtml?age=1&hiscore=0&sp=0&va=1&world=Meridell&version=26&alternate=&r=970110&game_id=430&nc_referer=neopets&quality=High&width=640&height=480"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-1801674531-879983540-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Svein')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Svein')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe (User 'Svein')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 User Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Svein')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 User Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe (User 'Svein')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184747933906
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programfiler\Maxtor\Sync\SyncServices.exe
O23 - Service: pcdservice - Phantombility, Inc - C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe
O23 - Service: Freight Tycoon Drivers Auto Removal (pr2amjjb) (pr2amjjb) - 1C Publishing EU s.r.o. - C:\WINDOWS\system32\pr2amjjb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13454 bytes

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


#2 aommaster

  • Malware Response Team
  • 5,294 posts

Posted 17 March 2010 - 08:17 PM

Hello, ponkis2k.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster

Posted 20 March 2010 - 02:56 AM

Hello ponkis2k
Are you still with us?



#4 ponkis2k

Posted 20 March 2010 - 06:43 AM

Yes, I am still here, and I will try this tomorrow, and post the info.

#5 aommaster

Posted 20 March 2010 - 08:30 AM

Okay. Thanks for letting me know :)



#6 ponkis2k

Posted 21 March 2010 - 09:23 AM

Great, thanks. Here are the results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-21 14:22:30
Windows 5.1.2600 Service Pack 3
Running: i7v14745.exe; Driver: C:\DOCUME~1\Henrik\LOKALE~1\Temp\kxldipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5223C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB5223B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB52240C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5223FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB52236E8]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB5223BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB5223628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB522368C]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5223D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB5224194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5223CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5223E4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB52304FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB5230322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB523045C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8A3691E8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 89F22790
Device \Driver\PCI_NTPNP9548 \Device\00000044 sptd.sys
Device \Driver\usbehci \Device\USBPDO-1 89E9D790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A36B1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A36B1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A36B1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A36B1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FB86DC02-2AFB-4B09-80A0-BE8FDE697634} 8A18C1E8
Device \Driver\usbohci \Device\USBPDO-2 89F22790
Device \Driver\usbohci \Device\USBPDO-3 89F22790

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3D71E8
Device \Driver\Cdrom \Device\CdRom0 89F6D790
Device \Driver\Cdrom \Device\CdRom1 89F6D790
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA5FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [BA5FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA5FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [BA5FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A18C1E8
Device \Driver\NetBT \Device\NetbiosSmb 8A18C1E8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 89F22790
Device \Driver\usbohci \Device\USBFDO-1 89F22790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0391E8
Device \Driver\usbohci \Device\USBFDO-2 89F22790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0391E8
Device \Driver\usbehci \Device\USBFDO-3 89E9D790
Device \Driver\Ftdisk \Device\FtControl 8A3D71E8
Device \Driver\afd996cp \Device\Scsi\afd996cp1 89ECB590
Device \Driver\phmcd \Device\Scsi\phmcd1Port2Path0Target0Lun0 8A36A1E8
Device \Driver\phmcd \Device\Scsi\phmcd1 8A36A1E8
Device \Driver\phmcd \GLOBAL??\phmcd 8A36A1E8
Device \FileSystem\Cdfs \Cdfs 8A1601E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x17 0xD6 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Henrik\Programmer\Daemon Tools\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x83 0xC1 0xAC 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xCC 0x94 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x17 0xD6 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Henrik\Programmer\Daemon Tools\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x83 0xC1 0xAC 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xCC 0x94 0xAC ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Svein\Cookies\svein@delicious[1].txt 419 bytes

---- EOF - GMER 1.0.15 ----




info.txt logfile of random's system information tool 1.06 2010-03-20 17:49:27

======Uninstall list======

"Freight Tycoon Inc"-->"C:\Henrik\Spill\Freight Tycoon Inc\unins000.exe"
-->C:\Henrik\Programmer\Div-X\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x14 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Programfiler\Fellesfiler\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programfiler\Fellesfiler\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Programfiler\Fellesfiler\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 9 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A90000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Free Antivirus-->C:\Henrik\Programmer\Antivirus\Avast2\aswRunDll.exe "C:\Henrik\Programmer\Antivirus\Avast2\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CASHFLOW® 202 THE E-GAME-->C:\Henrik\Spill\CASHFL~1\UNWISE.EXE C:\Henrik\Spill\CASHFL~1\INSTALL.LOG
CASHFLOW® THE E-GAME-->C:\Henrik\Spill\CASHFLOW\UNWISE.EXE C:\Henrik\Spill\CASHFLOW\INSTALL.LOG
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Delicious Add-on for Internet Explorer-->"C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\uninstall.exe"
DivX Codec-->C:\Henrik\Programmer\Div-X\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Henrik\Programmer\Div-X\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Henrik\Programmer\Div-X\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Henrik\Programmer\Div-X\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Henrik\Programmer\Div-X\DivX\DivXWebPlayerUninstall.exe /PLUGIN
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
filehippo.com Update Checker-->"C:\Henrik\Programmer\FileHippo\filehippo.com\uninstall.exe"
Football Manager 2009-->"C:\Henrik\Spill\FM 2009\Uninstall_Football Manager 2009\Avinstaller Football Manager 2009.exe"
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Toolbar for Internet Explorer-->"C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programfiler\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Programfiler\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3-->C:\Programfiler\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 11.0-->C:\Programfiler\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kantaris Media Player 0.3.5-->"C:\Henrik\Programmer\Kantaris\Kantaris\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Kritisk oppdatering for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Logitech SetPoint-->C:\Programfiler\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0014 -removeonly
Mamut Business Software-->MsiExec.exe /X{96A1C6AA-55F6-40B7-956A-D7AA2EE47133}
Maxtor Manager-->"C:\Programfiler\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
Microsoft .NET Framework 1.1 Norwegian Language Pack-->MsiExec.exe /X{3EAC35F4-FF26-4123-9404-0B5B93DAB570}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - NOR-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - NOR\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Norwegian (Bokmal) Language Pack-->MsiExec.exe /X{AC2DD076-C5AB-49E6-9947-9447A7B57837}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Programfiler\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Programfiler\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Base Smart Card Cryptographic Service Provider-pakke-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (November 2008)-->C:\WINDOWS\dxsdkuninst.exe "C:\Henrik\Programmer\SDXK" "Microsoft DirectX SDK (November 2008)"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.16)-->C:\Henrik\Programmer\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia NSeries Application Installer-->MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier-->MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries Multimedia Player-->MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
Nokia NSeries Music Manager-->MsiExec.exe /I{F89E5AD8-AE47-49B5-B9F9-C498791E6255}
Nokia NSeries One Touch Access-->MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414}
Nokia NSeries System Utilities-->MsiExec.exe /X{96E94E18-54D6-42C1-8FC4-24DACEDC3395}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia Software Launcher-->MsiExec.exe /I{A8C856AD-63CD-4613-AA29-E6C85607EA06}
Nokia Software Updater-->MsiExec.exe /X{2B06E7FD-C5A1-403E-B387-A8D4AA858F48}
Office Animation Runtime-->MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OpenOffice.org 3.0-->MsiExec.exe /I{CEF7656D-79A7-4793-8A8B-22C8BC82AD76}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Oppdatering for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Oppdatering for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Oppdatering for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
PC Connectivity Solution-->MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
PeerGuardian 2.0-->"C:\Programfiler\PeerGuardian2\unins000.exe"
Phantom CD-->"C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\Uninstall.exe"
Påloggingsassistent for Windows Live-->MsiExec.exe /I{B965A150-17AB-4EB1-AD98-33149DDBD928}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x14 -removeonly
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem2.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x14
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spotify-->"C:\Henrik\Programmer\Spotify\uninstall.exe"
Språkpakke for norsk (bokmål) for Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Norwegian (Bokmal) Language Pack\setup.exe
SubDownloader2-->"C:\Henrik\Programmer\Subdownloader\SubDownloader2\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6e-->C:\Henrik\Programmer\VLC\uninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Media Format 11 runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (NOR)-->MsiExec.exe /X{B0534960-A7E2-4FFD-8E27-51B4B188633F}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation NO Language Pack-->MsiExec.exe /I{42F46A4E-1662-473F-A210-C5BB3BD385CC}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Henrik\Programmer\Winrar\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Henrik\Programmer\Xvid-codec\Xvid\unins000.exe"

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: HAUGSFS
Event Code: 7036
Message: Tjenesten Google Software Updater gikk inn i tilstanden Kjører.

Record Number: 28979
Source Name: Service Control Manager
Time Written: 20091214220349.000000+060
Event Type: Informasjon
User:

Computer Name: HAUGSFS
Event Code: 7035
Message: Google Software Updater-tjenesten har sendt en start-kontroll.
Record Number: 28978
Source Name: Service Control Manager
Time Written: 20091214220349.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: HAUGSFS
Event Code: 26
Message: Program-popup: Windows - Minimumsverdi for virtuelt minne er for liten : Maskinen har lite virtuelt minne. Windows øker størrelsen på sidevekslingsfilen for virtuelt minne. Under denne prosessen kan minneforespørsler for noen programmer bli avslått. Hvis du vil ha mer informasjon, se Hjelp.

Record Number: 28977
Source Name: Application Popup
Time Written: 20091214211518.000000+060
Event Type: Informasjon
User:

Computer Name: HAUGSFS
Event Code: 7036
Message: Tjenesten Google Software Updater gikk inn i tilstanden stoppet.

Record Number: 28976
Source Name: Service Control Manager
Time Written: 20091214115921.000000+060
Event Type: Informasjon
User:

Computer Name: HAUGSFS
Event Code: 7036
Message: Tjenesten Google Software Updater gikk inn i tilstanden Kjører.

Record Number: 28975
Source Name: Service Control Manager
Time Written: 20091214115820.000000+060
Event Type: Informasjon
User:

=====Application event log=====

Computer Name: HAUGSFS
Event Code: 0
Message:
Record Number: 4983
Source Name: gusvc
Time Written: 20090614023006.000000+120
Event Type: Informasjon
User:

Computer Name: HAUGSFS
Event Code: 0
Message:
Record Number: 4982
Source Name: gusvc
Time Written: 20090614022905.000000+120
Event Type: Informasjon
User:

Computer Name: HAUGSFS
Event Code: 0
Message:
Record Number: 4981
Source Name: gusvc
Time Written: 20090613175048.000000+120
Event Type: Informasjon
User:

Computer Name: HAUGSFS
Event Code: 11729
Message: Product: Google Toolbar for Internet Explorer -- Configuration failed.

Record Number: 4980
Source Name: MsiInstaller
Time Written: 20090613175047.000000+120
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: HAUGSFS
Event Code: 0
Message:
Record Number: 4979
Source Name: gusvc
Time Written: 20090613174523.000000+120
Event Type: Informasjon
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programfiler\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DXSDK_DIR"=C:\Henrik\Programmer\SDXK\
"CLASSPATH"=.;C:\Programfiler\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Henrik at 2010-03-20 17:49:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (3%) free of 76 GB
Total RAM: 2015 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:18, on 20.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Henrik\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PPLive\PPVA\PPLiveVA.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe
C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Henrik\Programmer\Logitech\SetPoint\LU\LULnchr.exe
C:\Henrik\Programmer\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqbam08.exe
C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
C:\Henrik\Programmer\Antivirus\Avast2\avastUI.exe
C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Henrik\Programmer\Antivirus\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Henrik\Skrivebord\RSIT.exe
C:\Programfiler\trend micro\Henrik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bibelen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Henrik\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\Henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Henrik\Programmer\Daemon Tools\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] C:\Programfiler\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.neopets.com/games/dgs/dgs_launch_game.phtml?age=1&hiscore=0&sp=0&va=1&world=Meridell&version=26&alternate=&r=970110&game_id=430&nc_referer=neopets&quality=High&width=640&height=480"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-1801674531-879983540-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Svein')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Svein')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe (User 'Svein')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 User Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Svein')
O4 - S-1-5-21-1801674531-879983540-725345543-1006 User Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe (User 'Svein')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184747933906
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programfiler\Maxtor\Sync\SyncServices.exe
O23 - Service: pcdservice - Phantombility, Inc - C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe
O23 - Service: Freight Tycoon Drivers Auto Removal (pr2amjjb) (pr2amjjb) - 1C Publishing EU s.r.o. - C:\WINDOWS\system32\pr2amjjb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13191 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9448B123-BAA7-4252-920A-26C753FAECC5}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D228A64E-9691-442D-AAF8-C74B47AE5CF8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Programfiler\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78875F5C-A685-4405-8DC5-D48DC65452B0}]
CDelHotkeys Object - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll [2008-12-10 656624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - Delicious Toolbar - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll [2008-12-10 656624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"mxomssmenu"=C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"NSLauncher"=C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]
"Adobe Photo Downloader"=C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"AppleSyncNotifier"=C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"HP Software Update"=C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Programfiler\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Henrik\Programmer\iTunes\iTunesHelper.exe [2009-11-12 141600]
"avast5"=C:\Henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Pro Agent"=C:\Henrik\Programmer\Daemon Tools\DAEMON Tools Pro\DTProAgent.exe []
"PPAP"=C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe [2010-02-04 173512]
"PPLiveVA"=C:\Programfiler\PPLive\PPVA\PPLiveVA.exe [2009-12-30 71152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-08-06 447928]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-10-28 257440]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Programfiler\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Programfiler\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Programfiler\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programfiler\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programfiler\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programfiler\Fellesfiler\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programfiler\Fellesfiler\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Henrik\Programmer\UTorrent\uTorrent.exe"="C:\Henrik\Programmer\UTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programfiler\uTorrent\uTorrent.exe"="C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Java\jre6\bin\java.exe"="C:\Programfiler\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary"
"C:\Henrik\Spill\FM 2009 Demo\fm.exe"="C:\Henrik\Spill\FM 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo"
"C:\Henrik\Spill\FM 2009\fm.exe"="C:\Henrik\Spill\FM 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Henrik\Programmer\Spotify\spotify.exe"="C:\Henrik\Programmer\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hposid01.exe"="C:\Programfiler\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Henrik\Programmer\iTunes\iTunes.exe"="C:\Henrik\Programmer\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Plugin Manager\skypePM.exe"="C:\Programfiler\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programfiler\PPLive\PPVA\FlvPick.exe"="C:\Programfiler\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick"
"C:\Programfiler\PPLive\PPVA\PPLiveVA.exe"="C:\Programfiler\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
"C:\Programfiler\PPLive\PPVA\PPLiveVA_U.exe"="C:\Programfiler\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA"
"C:\Programfiler\PPLive\PPVA\crashreporter.exe"="C:\Programfiler\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload"
"C:\Programfiler\PPLive\PPVA\PPVADownload.exe"="C:\Programfiler\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download"
"C:\Programfiler\PPLive\PPVA\DownloadProgress.exe"="C:\Programfiler\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress"
"C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe"="C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive"
"C:\Henrik\Programmer\Mozilla Firefox\firefox.exe"="C:\Henrik\Programmer\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hposid01.exe"="C:\Programfiler\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programfiler\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Programfiler\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\
shell\explore\command - F:\RECYCLER\INFO.exe
shell\open\command - F:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19b16b74-0a3f-11de-b06b-003005bcbbe1}]
shell\AutoRun\command - E:\Setup.exe


======List of files/folders created in the last 1 months======

2010-03-20 17:49:06 ----D---- C:\rsit
2010-03-20 17:49:06 ----D---- C:\Programfiler\trend micro
2010-03-14 15:29:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-12 17:55:54 ----D---- C:\Documents and Settings\All Users\Programdata\Alwil Software
2010-03-11 03:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-03 18:13:37 ----D---- C:\Documents and Settings\Henrik\Programdata\PPLive
2010-03-03 18:05:17 ----D---- C:\Documents and Settings\All Users\Programdata\Jlcm
2010-03-03 18:03:31 ----D---- C:\FavoriteVideo
2010-03-03 18:02:16 ----D---- C:\Documents and Settings\All Users\Programdata\PPLive
2010-03-03 18:02:09 ----D---- C:\Programfiler\PPLive
2010-03-03 18:01:55 ----D---- C:\Programfiler\Fellesfiler\PPLiveNetwork
2010-02-25 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-03-20 17:49:06 ----RD---- C:\Programfiler
2010-03-20 17:48:49 ----D---- C:\WINDOWS\Prefetch
2010-03-20 16:52:49 ----SD---- C:\WINDOWS\Tasks
2010-03-20 16:19:51 ----D---- C:\WINDOWS\Temp
2010-03-19 20:15:17 ----D---- C:\Documents and Settings\All Users\Programdata\Google Updater
2010-03-19 14:14:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 15:09:38 ----SHD---- C:\WINDOWS\Installer
2010-03-15 20:20:05 ----D---- C:\Documents and Settings\Henrik\Programdata\Delicious IE Extension
2010-03-15 09:58:09 ----D---- C:\WINDOWS\system32
2010-03-14 15:30:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-14 15:30:07 ----D---- C:\WINDOWS\system32\drivers
2010-03-14 15:29:54 ----D---- C:\WINDOWS\WinSxS
2010-03-12 20:13:36 ----D---- C:\WINDOWS
2010-03-11 03:04:00 ----HD---- C:\WINDOWS\inf
2010-03-11 03:03:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 03:03:50 ----D---- C:\Programfiler\Movie Maker
2010-03-11 03:03:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-08 20:55:47 ----RSD---- C:\WINDOWS\Fonts
2010-03-08 20:55:29 ----D---- C:\WINDOWS\Help
2010-03-03 18:01:55 ----D---- C:\Programfiler\Fellesfiler
2010-03-01 21:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 03:01:49 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 03:01:43 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-10-21 12032]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-03-21 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-03-21 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet-kort; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-11-09 244224]
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniportdriver for Microsoft USB åpen vertskontroller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 afd996cp;afd996cp; C:\WINDOWS\system32\drivers\afd996cp.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pgfilter;pgfilter; \??\C:\Programfiler\PeerGuardian2\pgfilter.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe [2010-03-09 40384]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 hpqddsvc;HP CUE-tjeneste for oppdaging av enheter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Maxtor Sync Service;Maxtor Service; C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 pcdservice;pcdservice; C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe [2008-11-06 266424]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe [2010-03-09 40384]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 ServiceLayer;ServiceLayer; C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S2 gupdate;Googles oppdateringstjeneste (gupdate); C:\Programfiler\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
S2 gusvc;Google Software Updater; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 pr2amjjb;Freight Tycoon Drivers Auto Removal (pr2amjjb); C:\WINDOWS\system32\pr2amjjb.exe [2007-09-07 411008]
S3 aspnet_state;Statustjeneste for ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]
S4 NetTcpPortSharing;Tjenesten Net.Tcp Port Sharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#7 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 21 March 2010 - 11:25 AM

Hello, ponkis2k.
We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 aommaster

Posted 23 March 2010 - 11:20 PM

Hello ponkis2k
Are you still with us?



#9 aommaster

Posted 26 March 2010 - 06:44 AM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



#10 aommaster


Posted 26 March 2010 - 06:37 PM

Reopened as per user's request.



#11 ponkis2k


Posted 02 April 2010 - 09:53 AM

Here is the fresh HijackThis log and the Combo Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:53, on 02.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Henrik\Programmer\iTunes\iTunesHelper.exe
C:\Henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe
C:\Programfiler\PPLive\PPVA\PPLiveVA.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe
C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqbam08.exe
C:\Henrik\Programmer\Logitech\SetPoint\LU\LULnchr.exe
C:\Henrik\Programmer\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Henrik\Programmer\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousManager.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bibelen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Henrik\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\Henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe /nogui
O4 - HKCU\..\Run: [PPAP] "C:\Programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] C:\Programfiler\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.neopets.com/games/dgs/dgs_launch_game.phtml?age=1&hiscore=0&sp=0&va=1&world=Meridell&version=26&alternate=&r=970110&game_id=430&nc_referer=neopets&quality=High&width=640&height=480"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Henrik\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Henrik\Programmer\Deli.ciou.us\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184747933906
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programfiler\Maxtor\Sync\SyncServices.exe
O23 - Service: pcdservice - Phantombility, Inc - C:\Henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe
O23 - Service: Freight Tycoon Drivers Auto Removal (pr2amjjb) (pr2amjjb) - 1C Publishing EU s.r.o. - C:\WINDOWS\system32\pr2amjjb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11775 bytes


ComboFix 10-04-01.02 - Henrik 02.04.2010 15:56:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2015.1631 [GMT 2:00]
Kjører fra: c:\documents and settings\Henrik\Skrivebord\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-02 til 2010-04-02 )))))))))))))))))))))))))))))))))
.

2010-03-20 16:49 . 2010-03-20 16:55 -------- d-----w- C:\rsit
2010-03-20 16:49 . 2010-03-20 16:49 -------- d-----w- c:\programfiler\trend micro
2010-03-14 14:30 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-14 14:30 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-14 14:30 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-14 14:30 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-14 14:30 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-14 14:30 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-14 14:30 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-14 14:29 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-14 14:29 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-12 16:55 . 2010-03-14 14:29 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-03-10 19:13 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-03 17:13 . 2010-03-03 19:03 -------- d-----w- c:\documents and settings\Henrik\Programdata\PPLive
2010-03-03 17:05 . 2010-03-03 17:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Jlcm
2010-03-03 17:03 . 2010-04-02 13:31 -------- d-----w- C:\FavoriteVideo
2010-03-03 17:02 . 2010-03-03 17:03 -------- d-----w- c:\documents and settings\All Users\Programdata\PPLive
2010-03-03 17:02 . 2010-03-03 17:02 -------- d-----w- c:\documents and settings\Henrik\Lokale innstillinger\Programdata\VirtualStore
2010-03-03 17:02 . 2010-03-03 17:02 -------- d-----w- c:\programfiler\PPLive
2010-03-03 17:01 . 2010-03-03 17:02 -------- d-----w- c:\programfiler\Fellesfiler\PPLiveNetwork

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 13:06 . 2009-02-26 20:25 -------- d-----w- c:\documents and settings\Svein\Programdata\Delicious IE Extension
2010-04-02 13:06 . 2009-04-29 18:19 -------- d-----w- c:\documents and settings\Ida-Marie\Programdata\Delicious IE Extension
2010-04-02 09:50 . 2008-11-04 14:37 -------- d-----w- c:\documents and settings\All Users\Programdata\Google Updater
2010-03-30 06:50 . 2007-07-18 16:59 444036 ----a-w- c:\windows\system32\perfh014.dat
2010-03-30 06:50 . 2007-07-18 16:59 79648 ----a-w- c:\windows\system32\perfc014.dat
2010-03-22 20:02 . 2009-02-26 13:43 -------- d-----w- c:\documents and settings\Henrik\Programdata\Delicious IE Extension
2010-02-25 06:20 . 2007-07-18 16:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 18:08 . 2007-11-29 16:21 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-23 18:08 . 2007-11-29 16:41 168 --sh--r- c:\windows\system32\B3F9ED3CD6.sys
2010-02-11 01:59 . 2007-12-25 14:12 -------- d-----w- c:\documents and settings\Svein\Programdata\Skype
2010-02-10 23:08 . 2008-06-22 11:37 -------- d-----w- c:\documents and settings\Svein\Programdata\skypePM
2010-02-07 06:07 . 2007-09-30 14:46 -------- d-----w- c:\programfiler\Google
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPAP"="c:\programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe" [2010-02-04 173512]
"PPLiveVA"="c:\programfiler\PPLive\PPVA\PPLiveVA.exe" [2009-12-30 71152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-10-21 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"mxomssmenu"="c:\programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"NSLauncher"="c:\programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"Adobe Photo Downloader"="c:\programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\henrik\Programmer\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast5"="c:\henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\henrik\Programmer\Logitech\SetPoint\SetPoint.exe [2008-11-15 805392]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-7-18 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Henrik\\Programmer\\UTorrent\\uTorrent.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=
"c:\\Henrik\\Spill\\FM 2009\\fm.exe"=
"c:\\Henrik\\Programmer\\Spotify\\spotify.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\FlvPick.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\PPLiveVA.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\PPLiveVA_U.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\crashreporter.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\PPVADownload.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\DownloadProgress.exe"=
"c:\\Programfiler\\Fellesfiler\\PPLiveNetwork\\PPAP.exe"=
"c:\\Henrik\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Henrik\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44935:UDP"= 44935:UDP:uTorrent
"44935:TCP"= 44935:TCP:uTorrentTCP

R0 pe3amjjb;Freight Tycoon Environment Driver (pe3amjjb);c:\windows\system32\drivers\pe3amjjb.sys [07.09.2007 12:53 65152]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [08.04.2008 20:41 44696]
R0 ps7amjjb;Freight Tycoon Synchronization Driver (ps7amjjb);c:\windows\system32\drivers\ps7amjjb.sys [07.09.2007 12:53 68744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.03.2009 23:03 685816]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.03.2010 16:30 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.03.2010 16:30 19024]
R2 pcdservice;pcdservice;c:\henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe [18.09.2008 18:27 266424]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [26.12.2009 21:59 135664]
S2 pr2amjjb;Freight Tycoon Drivers Auto Removal (pr2amjjb);c:\windows\system32\pr2amjjb.exe svc --> c:\windows\system32\pr2amjjb.exe svc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.04.2008 13:13 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.04.2008 13:13 8320]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20.08.2008 15:51 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-30 20:46]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-12-26 19:58]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-12-26 19:58]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{9448B123-BAA7-4252-920A-26C753FAECC5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{D228A64E-9691-442D-AAF8-C74B47AE5CF8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.bibelen.no/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\documents and settings\Henrik\Programdata\Mozilla\Firefox\Profiles\f84ljxdt.default\
FF - plugin: c:\henrik\programmer\adobe reader\Reader\Browser\nppdf32.dll
FF - plugin: c:\henrik\Programmer\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\henrik\Programmer\Div-X\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\henrik\Programmer\Div-X\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\henrik\Programmer\Div-X\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\henrik\Programmer\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\henrik\Programmer\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\henrik\Programmer\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\henrik\Programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-DAEMON Tools Pro Agent - c:\henrik\Programmer\Daemon Tools\DAEMON Tools Pro\DTProAgent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 16:30
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8A38A8AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba67dcb8
\Driver\atapi -> atapi.sys @ 0xba5fcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: ADMtek AN983-basert ethernet-kort -> SendCompleteHandler -> NDIS.sys @ 0xba4f4b0a
PacketIndicateHandler -> NDIS.sys @ 0xba4ffa21
SendHandler -> NDIS.sys @ 0xba4f4949
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1801674531-879983540-725345543-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Henrik\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Henrik\\Mine dokumenter\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Henrik\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Henrik\\Spill\\FM 2009\\fm_genie_scout_2009_xe\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Henrik\\Spill\\FM 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:0000005f
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="E4-0450-665F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3240)
c:\henrik\Programmer\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Lavasoft\Ad-Aware\aawservice.exe
c:\henrik\Programmer\Antivirus\Avast2\AvastSvc.exe
c:\windows\system32\brss01a.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Maxtor\Sync\SyncServices.exe
c:\windows\system32\PSIService.exe
c:\windows\SOUNDMAN.EXE
c:\programfiler\iPod\bin\iPodService.exe
c:\programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
c:\programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programfiler\HP\Digital Imaging\bin\hpqbam08.exe
c:\henrik\Programmer\Logitech\SetPoint\LU\LULnchr.exe
c:\henrik\Programmer\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-04-02 16:42:25 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-04-02 14:42

Pre-Run: 1 484 640 256 byte ledig
Post-Run: 6 289 842 176 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A9DC73678A5AAAB27ECFF7106471BD6D


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 April 2010 - 01:56 PM

Hi ponkis2k,

aommaster will not be available for a while and I'll be helping you.
  1. Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • If DeFogger asks to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

  2. Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  3. Run ComboFix once more. If it wants to download the latest version, please allow it. Post the log it creates.





#13 ponkis2k


Posted 03 April 2010 - 10:35 AM

Here is the log, but it did not find anything new.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3949

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.04.2010 16:47:44
mbam-log-2010-04-03 (16-47-44).txt

Scan type: Quick scan
Objects scanned: 132474
Time elapsed: 10 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#14 Farbar


Posted 03 April 2010 - 11:15 AM

That is good. Let's see the fresh Combofix log.

#15 ponkis2k


Posted 03 April 2010 - 12:04 PM

OK, here it is, and I would like to add that when I ran ComboFix, Adobe all of a sudden wanted to update.


ComboFix 10-04-02.01 - Henrik 03.04.2010 18:44:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2015.1429 [GMT 2:00]
Kjører fra: c:\documents and settings\Henrik\Skrivebord\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-03 til 2010-04-03 )))))))))))))))))))))))))))))))))
.

2010-04-03 13:58 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-03 13:58 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- c:\documents and settings\Henrik\Programdata\Malwarebytes
2010-04-03 13:43 . 2010-04-03 13:43 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-04-02 14:48 . 2010-04-02 14:48 -------- d-----w- C:\Program Files
2010-03-20 16:49 . 2010-03-20 16:55 -------- d-----w- C:\rsit
2010-03-20 16:49 . 2010-03-20 16:49 -------- d-----w- c:\programfiler\trend micro
2010-03-15 18:32 . 2010-03-15 18:32 388096 ----a-r- c:\documents and settings\Henrik\Programdata\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-14 14:30 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-14 14:30 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-14 14:30 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-14 14:30 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-14 14:30 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-14 14:30 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-14 14:30 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-14 14:29 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-14 14:29 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-12 16:55 . 2010-03-14 14:29 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-03-10 19:13 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 10:51 . 2008-11-04 14:37 -------- d-----w- c:\documents and settings\All Users\Programdata\Google Updater
2010-04-03 09:05 . 2009-04-29 18:19 -------- d-----w- c:\documents and settings\Ida-Marie\Programdata\Delicious IE Extension
2010-04-03 07:06 . 2009-02-26 20:25 -------- d-----w- c:\documents and settings\Svein\Programdata\Delicious IE Extension
2010-04-02 14:54 . 2009-02-26 13:43 -------- d-----w- c:\documents and settings\Henrik\Programdata\Delicious IE Extension
2010-03-30 06:50 . 2007-07-18 16:59 444036 ----a-w- c:\windows\system32\perfh014.dat
2010-03-30 06:50 . 2007-07-18 16:59 79648 ----a-w- c:\windows\system32\perfc014.dat
2010-03-22 09:28 . 2008-11-04 16:05 1 ----a-w- c:\documents and settings\Henrik\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-08 19:16 . 2008-11-12 18:40 1 ----a-w- c:\documents and settings\Svein\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-03 19:03 . 2010-03-03 17:13 -------- d-----w- c:\documents and settings\Henrik\Programdata\PPLive
2010-03-03 17:05 . 2010-03-03 17:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Jlcm
2010-03-03 17:03 . 2010-03-03 17:02 -------- d-----w- c:\documents and settings\All Users\Programdata\PPLive
2010-03-03 17:02 . 2010-03-03 17:02 -------- d-----w- c:\programfiler\PPLive
2010-03-03 17:02 . 2010-03-03 17:01 -------- d-----w- c:\programfiler\Fellesfiler\PPLiveNetwork
2010-02-25 06:20 . 2007-07-18 16:54 916480 ------w- c:\windows\system32\wininet.dll
2010-02-23 18:08 . 2007-11-29 16:21 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-23 18:08 . 2007-11-29 16:41 168 --sh--r- c:\windows\system32\B3F9ED3CD6.sys
2010-02-11 01:59 . 2007-12-25 14:12 -------- d-----w- c:\documents and settings\Svein\Programdata\Skype
2010-02-10 23:08 . 2008-06-22 11:37 -------- d-----w- c:\documents and settings\Svein\Programdata\skypePM
2010-02-07 06:07 . 2007-09-30 14:46 -------- d-----w- c:\programfiler\Google
2010-01-25 09:58 . 2007-08-09 10:08 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2010-01-16 20:41 . 2009-01-11 23:05 1 ----a-w- c:\documents and settings\Ida-Marie\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-11 11:20 . 2010-01-11 11:20 79144 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPAP"="c:\programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe" [2010-02-04 173512]
"PPLiveVA"="c:\programfiler\PPLive\PPVA\PPLiveVA.exe" [2009-12-30 71152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-10-21 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"mxomssmenu"="c:\programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"NSLauncher"="c:\programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"Adobe Photo Downloader"="c:\programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\henrik\Programmer\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast5"="c:\henrik\PROGRA~1\ANTIVI~1\Avast2\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\henrik\Programmer\Logitech\SetPoint\SetPoint.exe [2008-11-15 805392]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-7-18 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Henrik\\Programmer\\UTorrent\\uTorrent.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=
"c:\\Henrik\\Spill\\FM 2009\\fm.exe"=
"c:\\Henrik\\Programmer\\Spotify\\spotify.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\FlvPick.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\PPLiveVA.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\PPLiveVA_U.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\crashreporter.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\PPVADownload.exe"=
"c:\\Programfiler\\PPLive\\PPVA\\DownloadProgress.exe"=
"c:\\Programfiler\\Fellesfiler\\PPLiveNetwork\\PPAP.exe"=
"c:\\Henrik\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Henrik\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44935:UDP"= 44935:UDP:uTorrent
"44935:TCP"= 44935:TCP:uTorrentTCP

R0 pe3amjjb;Freight Tycoon Environment Driver (pe3amjjb);c:\windows\system32\drivers\pe3amjjb.sys [07.09.2007 12:53 65152]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [08.04.2008 20:41 44696]
R0 ps7amjjb;Freight Tycoon Synchronization Driver (ps7amjjb);c:\windows\system32\drivers\ps7amjjb.sys [07.09.2007 12:53 68744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.03.2010 16:30 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.03.2010 16:30 19024]
R2 pcdservice;pcdservice;c:\henrik\Programmer\Daemon Tools\Phantom CD\Phantom CD\pcdservice.exe [18.09.2008 18:27 266424]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [26.12.2009 21:59 135664]
S2 pr2amjjb;Freight Tycoon Drivers Auto Removal (pr2amjjb);c:\windows\system32\pr2amjjb.exe svc --> c:\windows\system32\pr2amjjb.exe svc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.04.2008 13:13 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.04.2008 13:13 8320]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20.08.2008 15:51 40448]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.03.2009 23:03 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-30 20:46]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-12-26 19:58]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-12-26 19:58]

2010-04-03 c:\windows\Tasks\User_Feed_Synchronization-{9448B123-BAA7-4252-920A-26C753FAECC5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-04-03 c:\windows\Tasks\User_Feed_Synchronization-{D228A64E-9691-442D-AAF8-C74B47AE5CF8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.bibelen.no/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\documents and settings\Henrik\Programdata\Mozilla\Firefox\Profiles\f84ljxdt.default\
FF - plugin: c:\henrik\programmer\adobe reader\Reader\Browser\nppdf32.dll
FF - plugin: c:\henrik\Programmer\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\henrik\Programmer\Div-X\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\henrik\Programmer\Div-X\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\henrik\Programmer\Div-X\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\henrik\Programmer\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\henrik\Programmer\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\henrik\Programmer\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\henrik\Programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 18:56
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1801674531-879983540-725345543-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Henrik\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Henrik\\Mine dokumenter\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Henrik\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Henrik\\Spill\\FM 2009\\fm_genie_scout_2009_xe\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Henrik\\Spill\\FM 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:0000005f
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="E4-0450-665F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2360)
c:\henrik\Programmer\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2010-04-03 19:01:11
ComboFix-quarantined-files.txt 2010-04-03 17:00
ComboFix2.txt 2010-04-02 14:42

Pre-Run: 6 056 013 824 byte ledig
Post-Run: 6 114 701 312 byte ledig

- - End Of File - - 9E596C9A34DE4FDDC23C78D8D4383E06




