Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I have malware, just don't know which and where [Solved]

Started by kasperbs , Apr 15 2009 07:23 AM

  • This topic is locked This topic is locked

#1
kasperbs
Posted 15 April 2009 - 07:23 AM

kasperbs

    Member

  • Member
  • PipPip
  • 32 posts
As a follow up from this post I'm going to post my problem here.

I have been told I have malware and have completed the pre posting stuff and ran all the cleaning programs and got all the logs.

My Malwarebytes' log was clean but here are the other ones.

Rooter.txt

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:76316 Mo/Free:2576 Mo)
D:\ [CD-Rom] (Total:1000 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:3878 Mo/Free:2113 Mo)

15-04-2009|14:37

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Programmer\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\Programmer\Norman\Npm\Bin\Zanda.exe
---------- C:\Programmer\Norman\npm\bin\nvoy.exe
---------- C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Programmer\Google\Update\GoogleUpdate.exe
---------- C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
---------- C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Programmer\Bonjour\mDNSResponder.exe
---------- C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Programmer\Java\jre6\bin\jqs.exe
---------- C:\Programmer\KLS Soft\KLS Backup 2008 Professional\klsbservice.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdeserv.exe
---------- C:\WINDOWS\system32\lxdecoms.exe
---------- C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Programmer\Canon\CAL\CALMAIN.exe
---------- C:\Programmer\Norman\Npm\Bin\Njeeves.exe
---------- C:\Programmer\Norman\Npm\Bin\Nvcsched.exe
---------- C:\Programmer\Norman\nse\bin\NSESVC.EXE
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Programmer\Norman\Npm\Bin\ZLH.EXE
---------- C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
---------- C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\Programmer\Lexmark 4800 Series\lxdemon.exe
---------- C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
---------- C:\Programmer\Lexmark 4800 Series\lxdeamon.exe
---------- C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
---------- C:\Programmer\Java\jre6\bin\jusched.exe
---------- C:\Programmer\Salling Software AB\Salling Media Sync\Salling Media Sync.exe
---------- C:\Programmer\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
---------- C:\Programmer\Skype\Phone\Skype.exe
---------- C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
---------- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
---------- C:\Programmer\iPod\bin\iPodService.exe
---------- C:\Programmer\Logitech\Desktop Messenger\SetPoint\SetPoint.exe
---------- C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Programmer\Norman\Nvc\bin\nvcoas.exe
---------- C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe
---------- C:\Programmer\Norman\Nvc\Bin\Nip.exe
---------- C:\Programmer\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
---------- C:\Programmer\Norman\Nvc\Bin\cclaw.exe
---------- C:\Programmer\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
---------- C:\Programmer\Skype\Plugin Manager\skypePM.exe
---------- C:\Programmer\Mozilla Firefox\firefox.exe
---------- C:\DOCUME~1\aktiv\LOKALE~1\Temp\mozOpenDownload\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\6aQWAKfB.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe
Trojan ! .. C:\WINDOWS\system32\GFh31xM6.exe

----------------------\\ Tasks

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\aktiv\Dokumenter\Rudolf\Mine Dokumenter\PC Filer & Programmer\ISO filer Programmer\Photoshop\Adobe_Photoshop_CS_8.0.1_dansk.part1\Adobe_Photoshop_CS_keygen.exe
C:\DOCUME~1\aktiv\Dokumenter\Rudolf\Mine Dokumenter\PC Filer & Programmer\ISO filer Programmer\Windows Software\Basis Programmer\Andet\Alcohol 120%\Alcohol 120% v1.9.2.1705 Multilanguage + serial (OK)\crack\serial.txt
C:\DOCUME~1\aktiv\Dokumenter\Rudolf\Mine Dokumenter\PC Filer & Programmer\ISO filer Programmer\Windows Software\Basis Programmer\Vedligeholdelse\Reng›r PC\crack\packed.exe


1 - "C:\Rooter$\Rooter_1.txt" - 15-04-2009|14:38

----------------------\\ Scan completed at 14:38


OTListIt2

OTListIt logfile created on: 15-04-2009 15:01:41 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\DOCUME~1\aktiv\LOKALE~1\Temp\mozOpenDownload
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,64% Memory free
3,35 Gb Paging File | 2,63 Gb Available in Paging File | 78,50% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 74,53 Gb Total Space | 10,19 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,79 Gb Total Space | 2,06 Gb Free Space | 54,49% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VUC
Current User Name: aktiv
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe (Norman ASA)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Programmer\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Programmer\Norman\Npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Programmer\Norman\npm\bin\nvoy.exe (Norman ASA)
PRC - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programmer\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmer\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programmer\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programmer\KLS Soft\KLS Backup 2008 Professional\klsbservice.exe (KLS Soft)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdeserv.exe (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\lxdecoms.exe ( )
PRC - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programmer\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programmer\Norman\Npm\Bin\Nvcsched.exe (Norman ASA)
PRC - C:\Programmer\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
PRC - C:\Programmer\Norman\nse\bin\NSESVC.EXE (Norman ASA)
PRC - C:\Programmer\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
PRC - C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Programmer\Lexmark 4800 Series\lxdemon.exe ()
PRC - C:\Programmer\Lexmark 4800 Series\lxdeamon.exe ()
PRC - C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programmer\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programmer\Salling Software AB\Salling Media Sync\Salling Media Sync.exe (Salling Software AB)
PRC - C:\Programmer\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programmer\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Programmer\Logitech\Desktop Messenger\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programmer\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
PRC - C:\Programmer\Norman\Nvc\Bin\Nip.exe (Norman ASA)
PRC - C:\Programmer\Norman\Nvc\Bin\cclaw.exe (Norman ASA)
PRC - C:\Programmer\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\Programmer\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programmer\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Programmer\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\mozOpenDownload\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor6.0 [Auto | Running]) -- C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Programmer\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Programmer\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eLoggerSvc6 [Auto | Running]) -- C:\Programmer\Norman\Npm\Bin\eLogsvc.exe (Norman ASA)
SRV - (EvtEng [Auto | Running]) -- C:\Programmer\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9a59b4acbd5da [Auto | Stopped]) -- C:\Programmer\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Programmer\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programmer\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KLSBackup2008Pro [Auto | Running]) -- C:\Programmer\KLS Soft\KLS Backup 2008 Professional\klsbservice.exe (KLS Soft)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (lxdeCATSCustConnectService [Auto | Running]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdeserv.exe (Lexmark International, Inc.)
SRV - (lxde_device [Auto | Running]) -- C:\WINDOWS\system32\lxdecoms.exe ( )
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (Norman NJeeves [On_Demand | Running]) -- C:\Programmer\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
SRV - (Norman ZANDA [Auto | Running]) -- C:\Programmer\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (nsesvc [On_Demand | Running]) -- C:\Programmer\Norman\nse\bin\NSESVC.EXE (Norman ASA)
SRV - (nvcoas [On_Demand | Running]) -- C:\Programmer\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (NVCScheduler [On_Demand | Running]) -- C:\Programmer\Norman\Npm\Bin\Nvcsched.exe (Norman ASA)
SRV - (NVOY [Auto | Running]) -- C:\Programmer\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (odserv [On_Demand | Stopped]) -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Programmer\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programmer\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CPen20 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\CPen20.sys (Anoto)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MTC0301_CIR [Auto | Running]) -- C:\WINDOWS\system32\drivers\CIR.sys ()
DRV - (Ndiskio [Auto | Running]) -- C:\Programmer\Norman\Nse\bin\NDISKIO.SYS (Norman ASA)
DRV - (netr73 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\netr73.sys (Ralink Technology Inc.)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (NGS [System | Running]) -- c:\programmer\norman\ngs\bin\ngs.sys (Norman ASA)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (NvcMFlt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys (Norman ASA)
DRV - (O2MDRDR [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (pendfu [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pendfu.sys (Anoto AB)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (UIUSys [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (vnccom [Auto | Running]) -- C:\WINDOWS\System32\Drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vncdrv.sys (RDV Soft)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.dk...da|about:blank"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.685
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAMMER\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009-03-30 21:22:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAMMER\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-03-08 18:42:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAMMER\MOZILLA FIREFOX\COMPONENTS [2009-04-12 17:56:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAMMER\MOZILLA FIREFOX\PLUGINS [2009-04-08 12:10:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAMMER\MOZILLA THUNDERBIRD\COMPONENTS [2009-01-13 17:24:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\PROGRAMMER\MOZILLA THUNDERBIRD\PLUGINS [2009-04-08 12:10:20 | 00,000,000 | ---D | M]

[2008-03-01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Extensions
[2008-03-01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-15 12:28:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions
[2009-03-29 12:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008-08-03 15:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2008-12-11 10:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-04-12 17:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008-10-11 16:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2008-08-03 15:58:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\foxmarks@kei(2).com
[2009-04-12 17:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aktiv\Application Data\mozilla\Firefox\Profiles\rqwr5bon.default\extensions\[email protected]
[2009-04-15 12:28:16 | 00,000,000 | ---D | M] -- C:\Programmer\mozilla firefox\extensions
[2009-03-29 12:35:47 | 00,000,000 | ---D | M] -- C:\Programmer\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-11-29 00:18:12 | 00,000,000 | ---D | M] -- C:\Programmer\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008-01-25 00:13:22 | 00,000,000 | ---D | M] -- C:\Programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009-03-08 18:42:19 | 00,000,000 | ---D | M] -- C:\Programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-03-31 20:20:05 | 00,000,000 | ---D | M] -- C:\Programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-03-29 12:35:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browserdirprovider.dll
[2009-03-29 12:35:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\brwsrcmp.dll
[2009-02-08 10:39:50 | 00,001,525 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml
[2009-02-08 10:39:51 | 00,002,193 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\answers.xml
[2009-02-08 10:39:51 | 00,001,534 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\creativecommons.xml
[2009-02-08 10:39:51 | 00,002,343 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\eBay.xml
[2009-02-08 10:39:51 | 00,001,706 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\google.xml
[2009-02-08 10:39:51 | 00,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml
[2009-02-08 10:39:51 | 00,000,799 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: (312221 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10750 more lines...
O2 - BHO: (Lexmark Værktøjslinje) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmer\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Lexmark Værktøjslinje) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [lxdeamon] "C:\Programmer\Lexmark 4800 Series\lxdeamon.exe" ()
O4 - HKLM..\Run: [lxdemon.exe] "C:\Programmer\Lexmark 4800 Series\lxdemon.exe" ()
O4 - HKLM..\Run: [NokiaMServer] C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer /watchfiles (Nokia)
O4 - HKLM..\Run: [Norman ZANDA] "C:\Programmer\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH (Norman ASA)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Salling Media Sync] "C:\Programmer\Salling Software AB\Salling Media Sync\Salling Media Sync.exe" -atboottime (Salling Software AB)
O4 - HKLM..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\aktiv\Menuen Start\Programmer\Start\ERUNT AutoBackup.lnk = C:\Programmer\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Logitech SetPoint.lnk = C:\Programmer\Logitech\Desktop Messenger\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download alle med FlashGet - C:\Programmer\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download med FlashGet - C:\Programmer\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmer\MP3 Player Utilities 4.05\AMVConverter\grab.html File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmer\MP3 Player Utilities 4.05\MediaManager\grab.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} https://www.portalba...e-prod-1.20.cab (ActiveX sikkerhedssoftware Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll - c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programmer\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{3a5aa36e-0b97-11dd-83be-0040d0a0f917}\Shell\AutoRun\command - "" = G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-04-15 14:53:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-04-15 14:46:39 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009-04-15 14:37:57 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-04-15 14:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Skrivebord\Kasper
[2009-04-15 14:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Skrivebord\15-04-2009
[2009-04-15 14:36:31 | 00,000,752 | ---- | C] () -- C:\Documents and Settings\aktiv\Menuen Start\Programmer\Start\ERUNT AutoBackup.lnk
[2009-04-15 14:36:28 | 00,000,000 | ---D | C] -- C:\Programmer\ERUNT
[2009-04-15 12:35:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Dokumenter\DVDVideoSoft
[2009-04-15 12:35:40 | 00,000,000 | ---D | C] -- C:\Programmer\Fælles filer\DVDVideoSoft
[2009-04-15 12:35:40 | 00,000,000 | ---D | C] -- C:\Programmer\DVDVideoSoft
[2009-04-15 12:20:59 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009-04-15 12:20:58 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009-04-15 12:20:58 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009-04-15 12:20:58 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009-04-15 12:20:57 | 00,730,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-15 12:20:57 | 00,719,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009-04-15 12:20:57 | 00,682,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009-04-15 12:20:57 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009-04-15 12:20:57 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009-04-15 12:20:12 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-04-15 12:20:12 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009-04-12 08:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Skrivebord\Kopi af USB nøgle 12_04_2009
[2009-04-12 00:06:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Application Data\Malwarebytes
[2009-04-12 00:06:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-04-12 00:06:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-12 00:06:35 | 00,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2009-04-12 00:06:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-04-11 23:51:00 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009-04-11 09:56:14 | 00,000,912 | ---- | C] () -- C:\Documents and Settings\aktiv\Skrivebord\Spybot - Search & Destroy.lnk
[2009-04-11 09:56:09 | 00,000,000 | ---D | C] -- C:\Programmer\Spybot - Search & Destroy
[2009-04-11 09:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009-04-08 17:05:49 | 00,000,000 | ---D | C] -- C:\Sysclean
[2009-04-08 16:41:11 | 00,000,000 | ---D | C] -- C:\Programmer\CleanUp!
[2009-04-08 16:34:35 | 00,016,320 | ---- | C] () -- C:\Documents and Settings\aktiv\Dokumenter\cc_20090408_163431.reg
[2009-04-08 12:10:48 | 00,000,000 | ---D | C] -- C:\Programmer\iPod
[2009-04-08 12:10:44 | 00,000,000 | ---D | C] -- C:\Programmer\iTunes
[2009-04-08 12:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-04-08 12:10:28 | 00,000,000 | ---D | C] -- C:\Programmer\Bonjour
[2009-04-08 12:09:58 | 00,000,000 | ---D | C] -- C:\Programmer\QuickTime
[2009-04-08 12:09:46 | 00,000,278 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-08 12:09:42 | 00,000,000 | ---D | C] -- C:\Programmer\Apple Software Update
[2009-04-08 12:09:20 | 00,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Apple
[2009-04-08 12:09:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009-04-08 11:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Salling_Software_AB
[2009-04-08 11:33:20 | 00,000,000 | ---D | C] -- C:\Programmer\Salling Software AB
[2009-04-06 17:42:44 | 00,126,586 | ---- | C] () -- C:\Documents and Settings\aktiv\Skrivebord\113 England forår 2008.jpg
[2009-04-06 16:13:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009-04-06 16:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009-03-31 20:40:40 | 00,286,792 | ---- | C] () -- C:\Documents and Settings\aktiv\Skrivebord\31032009005.jpg
[2009-03-31 16:53:07 | 00,035,328 | -HS- | C] () -- C:\Documents and Settings\aktiv\Dokumenter\Thumbs.db
[2009-03-30 21:22:44 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Nokia PC Suite.lnk
[2009-03-30 21:22:37 | 00,000,000 | ---D | C] -- C:\Programmer\Fælles filer\PCSuite
[2009-03-30 21:16:28 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009-03-30 21:16:27 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009-03-30 21:16:11 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009-03-30 21:11:53 | 01,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2009-03-30 21:11:53 | 00,659,968 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2009-03-30 21:11:53 | 00,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2009-03-30 21:11:14 | 00,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Nokia Software Updater.lnk
[2009-03-29 12:34:29 | 00,002,176 | -H-- | C] () -- C:\Documents and Settings\aktiv\Dokumenter\ZbThumbnail.info
[2009-03-23 20:30:31 | 00,000,000 | ---D | C] -- C:\Programmer\Fælles filer\ODBC
[2009-03-23 16:44:53 | 00,010,018 | ---- | C] () -- C:\Documents and Settings\aktiv\Dokumenter\cc_20090323_154451.reg
[2009-03-23 16:42:53 | 00,001,521 | ---- | C] () -- C:\Documents and Settings\aktiv\Skrivebord\CCleaner.lnk
[2009-03-23 16:37:03 | 00,617,086 | ---- | C] () -- C:\Documents and Settings\aktiv\Dokumenter\cc_20090323_1536.reg
[2009-03-21 16:08:56 | 01,006,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009-03-21 14:07:05 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009-03-19 17:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Application Data\Nseries
[2009-03-19 17:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\IsolatedStorage
[2009-03-19 17:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Nokia
[2009-03-19 16:56:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Globalization
[2009-03-19 16:55:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009-03-19 16:54:22 | 00,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Nokia Photos.lnk
[2009-03-19 16:54:05 | 00,000,000 | ---D | C] -- C:\Programmer\Fælles filer\muvee Technologies
[2009-03-19 16:52:13 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2009-03-19 16:47:00 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009-03-14 10:50:23 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdevs.dll
[2009-03-14 10:50:21 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdecoin.dll
[2009-03-14 10:49:40 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdedrs.dll
[2009-03-14 10:49:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdecaps.dll
[2009-03-14 10:49:39 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdecnv4.dll
[2009-03-14 10:49:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009-03-14 10:46:47 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxderwrd.ini
[2009-03-14 10:46:33 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdeinst.dll
[2009-03-14 10:46:32 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehcp.dll
[2009-03-14 10:46:31 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeusb1.dll
[2009-03-14 10:46:31 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeinpa.dll
[2009-03-14 10:46:31 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeiesc.dll
[2009-03-14 10:46:30 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeserv.dll
[2009-03-14 10:46:30 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdepmui.dll
[2009-03-14 10:46:30 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdelmpm.dll
[2009-03-14 10:46:30 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeprox.dll
[2009-03-14 10:46:29 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxdeinsr.dll
[2009-03-14 10:46:28 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehbn3.dll
[2009-03-14 10:46:28 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdegrd.dll
[2009-03-14 10:46:27 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomc.dll
[2009-03-14 10:46:27 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomm.dll
[2008-12-31 18:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008-12-31 12:21:11 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2008-12-31 12:21:11 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008-12-31 12:21:11 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2008-08-27 19:58:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-04-18 11:22:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2008-04-18 11:10:38 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-03-11 17:41:52 | 00,000,057 | ---- | C] () -- C:\WINDOWS\win.ini
[2008-02-29 06:14:04 | 00,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2008-02-10 11:20:21 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2008-02-03 15:55:28 | 00,000,074 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008-02-03 15:12:26 | 00,005,826 | ---- | C] () -- C:\WINDOWS\GenAmvTool.INI
[2007-12-26 19:02:44 | 00,000,096 | ---- | C] () -- C:\WINDOWS\docs.ini
[2007-11-27 13:39:38 | 00,000,406 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007-09-25 10:04:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-09-25 08:55:59 | 00,000,322 | ---- | C] () -- C:\WINDOWS\dantts.ini
[2007-09-23 09:55:19 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\drivers\NBID.DLL
[2007-09-23 09:55:19 | 00,013,941 | R--- | C] () -- C:\WINDOWS\System32\drivers\CIR.sys
[2007-09-23 09:55:19 | 00,006,656 | R--- | C] () -- C:\WINDOWS\System32\drivers\DIO.DLL
[2007-09-23 09:52:57 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007-03-29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-12-13 08:57:36 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2004-11-29 16:08:30 | 00,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2004-08-27 14:00:00 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\dmdskres.dll
[2004-08-27 14:00:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\mssockew.dll
[2004-08-27 14:00:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\msfontssp.dll
[2004-08-27 14:00:00 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dmocx.dll
[2004-08-27 14:00:00 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\dmintf.dll
[2004-08-27 14:00:00 | 00,006,319 | ---- | C] () -- C:\WINDOWS\System32\wpkrnt.dll
[2004-08-27 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009-04-15 15:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009-04-15 15:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009-04-15 14:57:20 | 01,078,716 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-15 14:57:20 | 00,460,364 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2009-04-15 14:57:20 | 00,445,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-04-15 14:57:20 | 00,085,228 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2009-04-15 14:57:20 | 00,074,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-04-15 14:55:42 | 00,000,324 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-04-15 14:52:36 | 00,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009-04-15 14:52:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-04-15 14:52:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-04-15 14:50:25 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-04-15 14:36:31 | 00,000,752 | ---- | M] () -- C:\Documents and Settings\aktiv\Menuen Start\Programmer\Start\ERUNT AutoBackup.lnk
[2009-04-15 14:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009-04-15 14:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009-04-15 13:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009-04-15 13:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009-04-15 12:48:18 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2240534125-3083420089-3308955751-1004.job
[2009-04-15 00:27:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009-04-14 23:37:02 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-14 23:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009-04-14 23:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009-04-14 22:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009-04-14 22:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009-04-14 21:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009-04-14 21:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009-04-14 20:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009-04-14 20:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009-04-14 19:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009-04-14 19:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009-04-14 18:07:42 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-14 18:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009-04-14 18:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009-04-14 17:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009-04-14 17:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009-04-14 16:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009-04-14 16:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009-04-14 10:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009-04-14 10:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009-04-14 09:57:24 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-04-12 11:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009-04-12 11:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009-04-12 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009-04-12 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009-04-12 00:36:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009-04-11 23:50:59 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009-04-11 10:08:08 | 00,312,221 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-04-11 09:56:14 | 00,000,912 | ---- | M] () -- C:\Documents and Settings\aktiv\Skrivebord\Spybot - Search & Destroy.lnk
[2009-04-11 09:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009-04-11 09:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009-04-09 08:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009-04-09 08:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009-04-08 16:34:44 | 00,016,320 | ---- | M] () -- C:\Documents and Settings\aktiv\Dokumenter\cc_20090408_163431.reg
[2009-04-08 16:26:10 | 00,001,521 | ---- | M] () -- C:\Documents and Settings\aktiv\Skrivebord\CCleaner.lnk
[2009-04-08 12:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009-04-08 12:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009-04-06 17:48:57 | 00,126,586 | ---- | M] () -- C:\Documents and Settings\aktiv\Skrivebord\113 England forår 2008.jpg
[2009-04-06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-04-06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-04-04 18:48:37 | 00,002,285 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\IKEA Home Planner.lnk
[2009-03-31 20:42:58 | 00,286,792 | ---- | M] () -- C:\Documents and Settings\aktiv\Skrivebord\31032009005.jpg
[2009-03-31 16:53:09 | 00,035,328 | -HS- | M] () -- C:\Documents and Settings\aktiv\Dokumenter\Thumbs.db
[2009-03-30 21:22:44 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Nokia PC Suite.lnk
[2009-03-30 21:16:28 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009-03-30 21:16:27 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009-03-30 21:11:14 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Nokia Software Updater.lnk
[2009-03-29 18:04:32 | 00,002,176 | -H-- | M] () -- C:\Documents and Settings\aktiv\Skrivebord\ZbThumbnail.info
[2009-03-29 12:34:29 | 00,002,176 | -H-- | M] () -- C:\Documents and Settings\aktiv\Dokumenter\ZbThumbnail.info
[2009-03-29 12:34:21 | 00,002,395 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ZoomBrowser EX.lnk
[2009-03-27 08:53:33 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-03-26 21:08:15 | 00,002,298 | ---- | M] () -- C:\Documents and Settings\aktiv\Skrivebord\Google Chrome.lnk
[2009-03-23 16:44:57 | 00,010,018 | ---- | M] () -- C:\Documents and Settings\aktiv\Dokumenter\cc_20090323_154451.reg
[2009-03-23 16:37:35 | 00,617,086 | ---- | M] () -- C:\Documents and Settings\aktiv\Dokumenter\cc_20090323_1536.reg
[2009-03-23 08:00:12 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009-03-23 08:00:08 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009-03-23 07:00:23 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009-03-23 07:00:15 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009-03-23 06:00:12 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009-03-23 06:00:09 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009-03-23 05:00:21 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009-03-23 05:00:01 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009-03-23 04:00:07 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009-03-23 04:00:03 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009-03-23 03:00:04 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009-03-23 03:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009-03-21 18:08:56 | 04,772,940 | -H-- | M] () -- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\IconCache.db
[2009-03-21 16:08:56 | 01,006,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009-03-21 16:08:56 | 01,006,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009-03-19 17:08:15 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009-03-19 17:02:40 | 00,035,168 | ---- | M] () -- C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
[2009-03-19 17:01:44 | 00,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-03-19 16:54:22 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Nokia Photos.lnk
[2009-03-19 16:25:05 | 00,077,353 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
< End of report >

Thanks in advance any help appreciated.

Edited by kasperbs, 15 April 2009 - 08:12 AM.

  • 0

Advertisements

#2
fenzodahl512
Posted 16 April 2009 - 01:26 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
OTListIt2 Fix step

Open OTListIt2 then do below..

Copy/paste the following into the Costum Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:files
C:\WINDOWS\system32\6aQWAKfB.exe
C:\WINDOWS\system32\GFh31xM6.exe
C:\WINDOWS\tasks\At*.job

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop-up to your screen after the fix finish.. If it needs a reboot, just let it.. Post that log in your next reply...




Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

  • 0

#3
kasperbs
Posted 16 April 2009 - 07:39 AM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi fenzodahl512,
Thanks for getting back, underneath is the info requested.

OTListIT2.exe

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\6aQWAKfB.exe not found.
File/Folder C:\WINDOWS\system32\GFh31xM6.exe not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\NGLATempNokia\Nokia Sans Wide v3.1.ttf scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\etilqs_mroTwNHJBWUiFK4Sj31i scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\NGLALog.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_418.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04162009_152757

Files moved on Reboot...
C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\NGLATempNokia\Nokia Sans Wide v3.1.ttf moved successfully.
File C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\etilqs_mroTwNHJBWUiFK4Sj31i not found!
C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\NGLALog.txt moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_418.dat not found!
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\rqwr5bon.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by aktiv at 2009-04-16 15:34:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (13%) free of 76 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:35, on 16-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\Programmer\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\KLS Soft\KLS Backup 2008 Professional\klsbservice.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdeserv.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Norman\Npm\Bin\Njeeves.exe
C:\Programmer\Norman\Npm\Bin\Nvcsched.exe
C:\Programmer\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\notepad.exe
C:\Programmer\Norman\Npm\Bin\ZLH.EXE
C:\Programmer\Norman\Nvc\Bin\Nip.exe
C:\Programmer\Norman\Nvc\Bin\cclaw.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\Lexmark 4800 Series\lxdemon.exe
C:\Programmer\Lexmark 4800 Series\lxdeamon.exe
C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Salling Software AB\Salling Media Sync\Salling Media Sync.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\Desktop Messenger\SetPoint\SetPoint.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\aktiv\Dokumenter\Rudolf\Downloads\Firefox\RSIT.exe
C:\Programmer\trend micro\aktiv.exe
C:\Programmer\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmer\FlashGet\getflash.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Programmer\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Programmer\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Salling Media Sync] "C:\Programmer\Salling Software AB\Salling Media Sync\Salling Media Sync.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programmer\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\Desktop Messenger\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download alle med FlashGet - C:\Programmer\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download med FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmer\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmer\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalba...e-prod-1.20.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a59b4acbd5da) (gupdate1c9a59b4acbd5da) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: KLS Backup 2008 Professional Service (KLSBackup2008Pro) - KLS Soft - C:\Programmer\KLS Soft\KLS Backup 2008 Professional\klsbservice.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programmer\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12577 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2240534125-3083420089-3308955751-1004.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Værktøjslinje - C:\Programmer\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Programmer\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Programmer\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Værktøjslinje - C:\Programmer\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"=C:\Programmer\Norman\Npm\Bin\ZLH.EXE [2009-02-11 187504]
"IntelZeroConfig"=C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"StartCCC"=C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"lxdemon.exe"=C:\Programmer\Lexmark 4800 Series\lxdemon.exe [2007-06-11 455600]
"lxdeamon"=C:\Programmer\Lexmark 4800 Series\lxdeamon.exe [2007-06-01 20480]
"NokiaMServer"=C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer /watchfiles []
"SunJavaUpdateSched"=C:\Programmer\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Salling Media Sync"=C:\Programmer\Salling Software AB\Salling Media Sync\Salling Media Sync.exe [2008-11-21 343696]
"iTunesHelper"=C:\Programmer\iTunes\iTunesHelper.exe [2009-04-02 342312]
"QuickTime Task"=C:\Programmer\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Programmer\Skype\Phone\Skype.exe [2008-11-07 21633320]
"Google Update"=C:\Documents and Settings\aktiv\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-01-14 133104]
"PC Suite Tray"=C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CIR]
C:\WINDOWS\system32\drivers\CIR.exe [2006-03-08 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programmer\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programmer\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-21 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-11-10 1253376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-02-10 15969280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Programmer\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^C-Pen 20.lnk]
C:\WINDOWS\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_5A1930EDFA8D_4359_BB47_DE9376F17160.exe [2007-11-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-10-21 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WordPoint2000.lnk]
C:\PROGRA~1\Galtech\WORDPO~1\Wdpoint.exe []

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
Logitech SetPoint.lnk - C:\Programmer\Logitech\Desktop Messenger\SetPoint\SetPoint.exe

C:\Documents and Settings\aktiv\Menuen Start\Programmer\Start
ERUNT AutoBackup.lnk - C:\Programmer\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\Messenger\msmsgs.exe"="C:\Programmer\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmer\FlashGet\flashget.exe"="C:\Programmer\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Programmer\QuickTime\QuickTimePlayer.exe"="C:\Programmer\QuickTime\QuickTimePlayer.exe:*:Disabled:QuickTime Player"
"C:\Programmer\VideoLAN\VLC\vlc.exe"="C:\Programmer\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programmer\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programmer\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programmer\Fælles filer\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programmer\Fælles filer\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programmer\UltraVNC\vncviewer.exe"="C:\Programmer\UltraVNC\vncviewer.exe:*:Enabled:VNCViewer"
"C:\WINDOWS\system32\lxdecoms.exe"="C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:4800 Series Server"
"C:\Programmer\Lexmark 4800 Series\lxdemon.exe"="C:\Programmer\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor"
"C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\lxde\wireless\DANISH\lxdewpss.exe"="C:\Documents and Settings\aktiv\Lokale indstillinger\Temp\lxde\wireless\DANISH\lxdewpss.exe:*:Enabled: "
"C:\WINDOWS\system32\lxdecfg.exe"="C:\WINDOWS\system32\lxdecfg.exe:*:Enabled:Printer Communication System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface"
"C:\Programmer\Lexmark 4800 Series\frun.exe"="C:\Programmer\Lexmark 4800 Series\frun.exe:*:Enabled:Printing Application"
"C:\Programmer\Bonjour\mDNSResponder.exe"="C:\Programmer\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programmer\iTunes\iTunes.exe"="C:\Programmer\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programmer\Skype\Phone\Skype.exe"="C:\Programmer\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a5aa36e-0b97-11dd-83be-0040d0a0f917}]
shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


======List of files/folders created in the last 3 months======

2009-04-16 15:34:45 ----D---- C:\Programmer\trend micro
2009-04-16 15:34:43 ----D---- C:\rsit
2009-04-16 15:27:57 ----D---- C:\_OTListIt
2009-04-15 14:53:52 ----D---- C:\WINDOWS\ERDNT
2009-04-15 14:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 14:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 14:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 14:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 14:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 14:46:39 ----A---- C:\WINDOWS\imsins.BAK
2009-04-15 14:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 14:38:37 ----A---- C:\Rooter.txt
2009-04-15 14:37:57 ----D---- C:\Rooter$
2009-04-15 14:36:28 ----D---- C:\Programmer\ERUNT
2009-04-15 12:35:40 ----D---- C:\Programmer\Fælles filer\DVDVideoSoft
2009-04-15 12:35:40 ----D---- C:\Programmer\DVDVideoSoft
2009-04-12 00:06:41 ----D---- C:\Documents and Settings\aktiv\Application Data\Malwarebytes
2009-04-12 00:06:35 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2009-04-12 00:06:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-11 09:56:09 ----D---- C:\Programmer\Spybot - Search & Destroy
2009-04-11 09:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-08 19:31:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-08 17:05:49 ----D---- C:\Sysclean
2009-04-08 16:41:11 ----D---- C:\Programmer\CleanUp!
2009-04-08 12:11:09 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-04-08 12:10:48 ----D---- C:\Programmer\iPod
2009-04-08 12:10:44 ----D---- C:\Programmer\iTunes
2009-04-08 12:10:44 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 12:10:28 ----D---- C:\Programmer\Bonjour
2009-04-08 12:09:58 ----D---- C:\Programmer\QuickTime
2009-04-08 12:09:42 ----D---- C:\Programmer\Apple Software Update
2009-04-08 12:09:20 ----D---- C:\Programmer\Fælles filer\Apple
2009-04-08 12:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-04-08 11:33:20 ----D---- C:\Programmer\Salling Software AB
2009-04-06 16:13:30 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2009-04-06 16:13:24 ----D---- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2009-03-31 20:20:03 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-31 20:20:03 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-31 20:20:03 ----A---- C:\WINDOWS\system32\java.exe
2009-03-30 21:22:37 ----D---- C:\Programmer\Fælles filer\PCSuite
2009-03-30 21:16:11 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-03-30 21:15:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-03-30 21:11:53 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-03-30 21:11:53 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-03-23 20:30:31 ----D---- C:\Programmer\Fælles filer\ODBC
2009-03-21 14:07:05 ----D---- C:\Config.Msi
2009-03-19 17:24:32 ----A---- C:\WINDOWS\ModemLog_Nokia GSM Phone USB Modem.txt
2009-03-19 17:12:13 ----D---- C:\Documents and Settings\aktiv\Application Data\Nseries
2009-03-19 16:56:35 ----D---- C:\WINDOWS\Globalization
2009-03-19 16:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\NokiaMusic
2009-03-19 16:54:05 ----D---- C:\Programmer\Fælles filer\muvee Technologies
2009-03-19 16:47:00 ----SHD---- C:\WINDOWS\ftpcache
2009-03-14 17:01:00 ----D---- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
2009-03-14 12:55:58 ----D---- C:\Documents and Settings\All Users\Application Data\LxThumbs
2009-03-14 11:39:11 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-14 11:37:56 ----D---- C:\Documents and Settings\aktiv\Application Data\FaxCtr
2009-03-14 11:30:28 ----D---- C:\Documents and Settings\aktiv\Application Data\Lexmark Productivity Studio
2009-03-14 11:11:15 ----D---- C:\Programmer\Lexmark Toolbar
2009-03-14 10:50:43 ----D---- C:\logs
2009-03-14 10:50:23 ----A---- C:\WINDOWS\system32\lxdevs.dll
2009-03-14 10:50:21 ----A---- C:\WINDOWS\system32\lxdecoin.dll
2009-03-14 10:49:44 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-03-14 10:49:40 ----A---- C:\WINDOWS\system32\lxdedrs.dll
2009-03-14 10:49:40 ----A---- C:\WINDOWS\system32\lxdecaps.dll
2009-03-14 10:49:39 ----A---- C:\WINDOWS\system32\lxdecnv4.dll
2009-03-14 10:49:08 ----A---- C:\WINDOWS\system32\LXF3PMRC.DLL
2009-03-14 10:49:08 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2009-03-14 10:49:08 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2009-03-14 10:49:02 ----D---- C:\Documents and Settings\All Users\Application Data\FaxCtr
2009-03-14 10:48:23 ----D---- C:\Programmer\Abbyy FineReader 6.0 Sprint
2009-03-14 10:46:47 ----AH---- C:\WINDOWS\system32\lxderwrd.ini
2009-03-14 10:46:33 ----A---- C:\WINDOWS\system32\lxdeinst.dll
2009-03-14 10:46:32 ----A---- C:\WINDOWS\system32\lxdehcp.dll
2009-03-14 10:46:31 ----A---- C:\WINDOWS\system32\lxdeutil.dll
2009-03-14 10:46:31 ----A---- C:\WINDOWS\system32\lxdeusb1.dll
2009-03-14 10:46:31 ----A---- C:\WINDOWS\system32\lxdeinpa.dll
2009-03-14 10:46:31 ----A---- C:\WINDOWS\system32\lxdeiesc.dll
2009-03-14 10:46:30 ----A---- C:\WINDOWS\system32\lxdeserv.dll
2009-03-14 10:46:30 ----A---- C:\WINDOWS\system32\lxdeprox.dll
2009-03-14 10:46:30 ----A---- C:\WINDOWS\system32\lxdepmui.dll
2009-03-14 10:46:30 ----A---- C:\WINDOWS\system32\lxdelmpm.dll
2009-03-14 10:46:29 ----A---- C:\WINDOWS\system32\lxdejswr.dll
2009-03-14 10:46:29 ----A---- C:\WINDOWS\system32\lxdeinsr.dll
2009-03-14 10:46:29 ----A---- C:\WINDOWS\system32\lxdeinsb.dll
2009-03-14 10:46:29 ----A---- C:\WINDOWS\system32\lxdeins.dll
2009-03-14 10:46:29 ----A---- C:\WINDOWS\system32\lxdeih.exe
2009-03-14 10:46:28 ----A---- C:\WINDOWS\system32\lxdehbn3.dll
2009-03-14 10:46:28 ----A---- C:\WINDOWS\system32\lxdegrd.dll
2009-03-14 10:46:28 ----A---- C:\WINDOWS\system32\lxdegf.dll
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecur.dll
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecub.dll
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecu.dll
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecoms.exe
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecomm.dll
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecomc.dll
2009-03-14 10:46:27 ----A---- C:\WINDOWS\system32\lxdecfg.exe
2009-03-14 10:46:26 ----A---- C:\WINDOWS\system32\lxdecfg.dll
2009-03-14 10:45:18 ----D---- C:\Programmer\Lexmark 4800 Series
2009-03-11 17:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 17:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 17:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 18:42:17 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-24 22:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 12:01:36 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-20 21:31:56 ----D---- C:\Programmer\IKEA HomePlannerDE
2009-02-20 18:35:08 ----AD---- C:\Programmer\Furnish Lite
2009-02-18 17:52:45 ----D---- C:\Programmer\IKEA HomePlanner
2009-02-18 17:50:42 ----D---- C:\Programmer\Fælles filer\Wise Installation Wizard
2009-02-16 20:40:41 ----D---- C:\Programmer\Pro Imaging Powertoys
2009-02-16 20:40:41 ----D---- C:\Programmer\Fælles filer\Nikon
2009-02-16 20:38:02 ----D---- C:\WINDOWS\Downloaded Installations
2009-02-15 11:27:26 ----D---- C:\Documents and Settings\aktiv\Application Data\DivX
2009-02-15 11:24:29 ----D---- C:\Programmer\DivX
2009-02-11 21:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-02 22:59:59 ----D---- C:\Documents and Settings\aktiv\Application Data\ZoomBrowser EX
2009-01-18 13:46:55 ----D---- C:\WINDOWS\system32\DaisyWare
2009-01-18 13:31:10 ----D---- C:\Programmer\AMIS

======List of files/folders modified in the last 3 months======

2009-04-16 15:35:42 ----D---- C:\WINDOWS\Temp
2009-04-16 15:35:21 ----D---- C:\WINDOWS\Prefetch
2009-04-16 15:35:12 ----D---- C:\Programmer\Mozilla Firefox
2009-04-16 15:34:45 ----RD---- C:\Programmer
2009-04-16 15:34:39 ----D---- C:\Documents and Settings\aktiv\Application Data\Skype
2009-04-16 15:34:37 ----SD---- C:\WINDOWS\Tasks
2009-04-16 15:34:23 ----D---- C:\Documents and Settings\aktiv\Application Data\skypePM
2009-04-16 15:31:32 ----D---- C:\Programmer\Norman
2009-04-16 15:30:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-16 15:29:55 ----D---- C:\Programmer\FlashGet
2009-04-16 14:58:31 ----D---- C:\WINDOWS
2009-04-16 07:10:39 ----HD---- C:\WINDOWS\inf
2009-04-16 07:10:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-15 14:57:20 ----D---- C:\WINDOWS\system32
2009-04-15 14:57:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 14:51:53 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 14:51:52 ----D---- C:\WINDOWS\AppPatch
2009-04-15 14:50:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-15 14:50:11 ----D---- C:\WINDOWS\system32\da-dk
2009-04-15 14:50:10 ----D---- C:\Programmer\Internet Explorer
2009-04-15 14:49:59 ----D---- C:\WINDOWS\ie7updates
2009-04-15 14:48:06 ----D---- C:\WINDOWS\Debug
2009-04-15 14:47:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 14:47:27 ----SHD---- C:\WINDOWS\Installer
2009-04-15 14:47:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-15 14:14:02 ----D---- C:\Documents and Settings\aktiv\Application Data\dvdcss
2009-04-15 12:35:40 ----D---- C:\Programmer\Fælles filer
2009-04-14 19:00:13 ----D---- C:\Documents and Settings\aktiv\Application Data\Thunderbird
2009-04-14 19:00:00 ----D---- C:\Documents and Settings\aktiv\Application Data\Mozilla
2009-04-12 01:43:24 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 00:02:20 ----D---- C:\Program Files
2009-04-08 16:50:58 ----D---- C:\temp
2009-04-08 12:11:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-07 17:21:42 ----D---- C:\Documents and Settings\aktiv\Application Data\Nokia
2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-01 21:28:41 ----D---- C:\Programmer\Nokia
2009-03-31 20:20:03 ----D---- C:\Programmer\Java
2009-03-31 18:51:22 ----D---- C:\Documents and Settings\aktiv\Application Data\Adobe
2009-03-30 21:28:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-30 21:22:36 ----D---- C:\Programmer\Fælles filer\Nokia
2009-03-30 21:21:19 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-03-30 17:47:06 ----D---- C:\Programmer\Burn4Free
2009-03-27 19:07:59 ----D---- C:\Programmer\Mozilla Thunderbird
2009-03-23 16:42:53 ----D---- C:\Programmer\CCleaner
2009-03-23 16:38:42 ----D---- C:\Programmer\Fælles filer\Accent Shared
2009-03-21 17:16:46 ----D---- C:\Documents and Settings
2009-03-21 16:08:56 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-21 14:08:59 ----D---- C:\Programmer\Google
2009-03-21 14:07:49 ----D---- C:\WINDOWS\system32\config
2009-03-21 14:07:30 ----D---- C:\WINDOWS\Registration
2009-03-19 22:04:40 ----RSD---- C:\WINDOWS\assembly
2009-03-19 17:28:45 ----D---- C:\Documents and Settings\aktiv\Application Data\PC Suite
2009-03-19 16:54:17 ----RSD---- C:\WINDOWS\Fonts
2009-03-19 16:25:02 ----D---- C:\Programmer\Windows Media Player
2009-03-19 16:25:01 ----D---- C:\Programmer\UltraVNC
2009-03-19 16:24:57 ----D---- C:\Programmer\MobilityDotNET
2009-03-19 16:24:34 ----D---- C:\Programmer\ImgBurn
2009-03-19 16:24:31 ----D---- C:\Programmer\Fælles filer\Logitech
2009-03-19 16:24:31 ----D---- C:\Programmer\Fælles filer\Adobe
2009-03-19 16:24:30 ----D---- C:\Programmer\[bleep] NFO Viewer
2009-03-19 16:24:27 ----D---- C:\Programmer\Adobe
2009-03-14 10:50:04 ----D---- C:\WINDOWS\twain_32
2009-03-06 16:20:58 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-03 02:11:55 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-21 11:26:53 ----RASH---- C:\boot.ini
2009-02-21 11:26:53 ----N---- C:\WINDOWS\system.ini
2009-02-21 11:26:53 ----A---- C:\WINDOWS\win.ini
2009-02-21 11:26:52 ----D---- C:\WINDOWS\pss
2009-02-20 19:12:35 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 19:12:34 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 19:12:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 19:12:34 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 19:12:34 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 19:12:34 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 19:12:34 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 19:12:33 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 19:12:33 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 19:12:33 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 19:12:31 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 19:12:31 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 19:12:31 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 19:12:30 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 19:12:30 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 19:12:30 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 19:12:27 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 19:12:27 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 19:12:27 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 19:12:26 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 19:12:26 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 19:12:22 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 19:12:22 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 19:12:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 19:12:22 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 12:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 12:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 07:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-09 13:26:00 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-09 13:25:42 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-09 13:25:40 ----A---- C:\WINDOWS\system32\services.exe
2009-02-09 12:53:28 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 12:53:27 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 12:53:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 12:53:27 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-09 10:41:30 ----HD---- C:\Programmer\InstallShield Installation Information
2009-02-09 10:40:19 ----D---- C:\Programmer\Canon
2009-02-06 12:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 21:58:19 ----A---- C:\WINDOWS\system32\secur32.dll
2009-02-02 20:34:20 ----D---- C:\Programmer\Fælles filer\Canon
2009-01-18 13:46:56 ----D---- C:\Programmer\TPB Reader

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Driver til Intel-processor; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;HID-tastaturdriver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 NGS;Norman General Security Driver; \??\c:\programmer\norman\ngs\bin\ngs.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-26 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-03-23 12544]
R2 MTC0301_CIR;CIR Device; C:\WINDOWS\system32\drivers\CIR.sys [2004-11-26 13941]
R2 Ndiskio;Ndiskio; \??\C:\Programmer\Norman\Nse\bin\NDISKIO.SYS []
R2 s24trans;WLAN-transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 Arp1394;1394 ARP-klientprotokol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 CmBatt;Driver til Microsoft AC-adapter; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-busdriver til High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-16 4156416]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;HID-driver til mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-04 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394-netværksdriver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver til Microsoft USB-standardhub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB-universel værtscontroller miniportdriver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 absrv3e1;absrv3e1; C:\WINDOWS\system32\drivers\absrv3e1.sys []
S3 CPen20;C-Pen 20; C:\WINDOWS\System32\Drivers\CPen20.sys [2005-02-16 14382]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-03-23 995712]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-03-23 206976]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys []
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-31 256000]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pendfu;PenDfu (pendfu.sys); C:\WINDOWS\System32\Drivers\pendfu.sys [2005-02-14 32408]
S3 sffdisk;Driver til SFF-lagringsklasse; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Driver til SFF-lagerprotokol for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-03-23 6861]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-scannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-03-23 726400]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programmer\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Programmer\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Programmer\Norman\Npm\Bin\eLogsvc.exe [2007-11-21 150584]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programmer\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 KLSBackup2008Pro;KLS Backup 2008 Professional Service; C:\Programmer\KLS Soft\KLS Backup 2008 Professional\klsbservice.exe [2008-06-05 3437568]
R2 lxde_device;lxde_device; C:\WINDOWS\system32\lxdecoms.exe [2007-05-29 598960]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
R2 Norman ZANDA;Norman ZANDA; C:\Programmer\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696]
R2 NVOY;Norman Resource Provider; C:\Programmer\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Programmer\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-tjeneste; C:\Programmer\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Norman NJeeves;Norman NJeeves; C:\Programmer\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896]
R3 nsesvc;Norman Scanner Engine Service; C:\Programmer\Norman\nse\bin\NSESVC.EXE [2008-11-27 183352]
R3 nvcoas;Norman Virus Control on-access component; C:\Programmer\Norman\Nvc\bin\nvcoas.exe [2009-02-05 195640]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Programmer\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
R3 ServiceLayer;ServiceLayer; C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 gupdate1c9a59b4acbd5da;Google Update Service (gupdate1c9a59b4acbd5da); C:\Programmer\Google\Update\GoogleUpdate.exe [2009-03-15 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NMIndexingService;NMIndexingService; C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 354560]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programmer\Windows Media Player\WMPNetwk.exe [2006-11-15 914432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


info.txt

info.txt logfile of random's system information tool 1.06 2009-04-16 15:35:48

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0406-0000-0000000FF1CE} /uninstall {AAA2F315-90E9-40B3-8F83-4E52A5B461B2}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0406-0000-0000000FF1CE} /uninstall {C378B07F-6A3F-44DB-B340-AADCED1A3B4C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Programmer\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Billedordbog 3-->C:\WINDOWS\IsUn0406.exe -f"C:\Programmer\Orfeus\Billedordbog 3\Uninst.isu"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Burn4Free CD and DVD-->"C:\Programmer\Burn4Free\uninstall.exe"
Canon Camera Access Library-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon G.726 WMP-Decoder-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Programmer\Fælles filer\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programmer\Canon\RAW Image Task\Uninst.ini"
Canon Utilities Digital Photo Professional 2.0-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CanoScan LiDE 90-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412 /L0x0006
Carsten SAPI 4-->MsiExec.exe /I{D39D7B32-D370-485B-BDD9-361820A8C0DA}
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Programmer\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CD-ORD-->MsiExec.exe /I{26B363BB-BF4B-49C2-9ADE-2D98E73A7CDC}
CIR Device Driver-->C:\WINDOWS\system32\drivers\UnCIR.exe
CleanUp!-->C:\Programmer\CleanUp!\uninstall.exe
C-Pen 20-->MsiExec.exe /X{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}
DH Mobility Modder.NET-->C:\Programmer\MobilityDotNET\Uninstall.exe
Diktatværkstedet - Niveau 2-->MsiExec.exe /I{D6B69606-8083-497D-9E90-79266513EFA3}
Diktatværkstedet - Niveau 3-->MsiExec.exe /I{33700019-6D96-4929-8A7A-1F10E134E0Df}
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
Emily-stemmen til CD-ORD-->MsiExec.exe /I{2460544D-8FC8-4C31-B274-55CAD0E382F2}
ERUNT 1.1j-->C:\Programmer\ERUNT\unins000.exe
FlashGet 1.9.0.1012-->C:\Programmer\FlashGet\uninst.exe
Foxit Reader-->C:\Programmer\Foxit Software\Foxit Reader\Uninstall.exe
Free DVD Video Burner version 1.1-->"C:\Programmer\DVDVideoSoft\Free DVD Video Burner\unins000.exe"
Free Video to DVD Converter version 1.1-->"C:\Programmer\DVDVideoSoft\Free Video to DVD Converter\unins000.exe"
Garmin City Navigator Europe v8-->MsiExec.exe /X{3879E12E-DA5B-4451-B973-DA0E2FEE7039}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programmer\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix til Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix til Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix til Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IKEA Home Planner-->MsiExec.exe /I{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}
IKEA Home Planner-->MsiExec.exe /I{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}
ImgBurn-->"C:\Programmer\ImgBurn\uninstall.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
IrfanView (remove only)-->C:\Programmer\IrfanView\iv_uninstall.exe
IRIS - Ordbank 3.1.6, dk-->"C:\Programmer\Auxilior Technology\dk\wordbase3\unins000.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
KLS Backup 2008 Professional 4.0.0.1-->"C:\Programmer\KLS Soft\KLS Backup 2008 Professional\unins000.exe"
Lexmark 4800 Series-->C:\Programmer\Lexmark 4800 Series\Install\x86\Uninst.exe
Lexmark Værktøjslinje-->regsvr32.exe /s /u "C:\Programmer\Lexmark Toolbar\toolband.dll"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x6 UNINSTALL
Logitech SetPoint-->C:\Programmer\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0006 -removeonly
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Malwarebytes' Anti-Malware-->"C:\Programmer\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - City Navigator Europe v7-->C:\PROGRA~1\FLLESF~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{55BED151-DF1A-4CDB-8CEA-AF1DAE0404A5} /l1033
MapSource-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Danish) 2007-->MsiExec.exe /X{90120000-0016-0406-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Danish) 2007-->MsiExec.exe /X{90120000-00A1-0406-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Danish) 2007-->MsiExec.exe /X{90120000-0018-0406-0000-0000000FF1CE}
Microsoft Office Proof (Danish) 2007-->MsiExec.exe /X{90120000-001F-0406-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Danish) 2007-->MsiExec.exe /X{90120000-002C-0406-0000-0000000FF1CE}
Microsoft Office Shared MUI (Danish) 2007-->MsiExec.exe /X{90120000-006E-0406-0000-0000000FF1CE}
Microsoft Office Word MUI (Danish) 2007-->MsiExec.exe /X{90120000-001B-0406-0000-0000000FF1CE}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft Train Simulator-->"C:\Programmer\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mini-Lexia (CD)-->C:\Lexia\UNWISE.EXE C:\Lexia\INSTALL.LOG
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.8)-->C:\Programmer\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Programmer\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.39-->C:\Programmer\Mp3tag\Mp3tagUninstall.EXE
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia Map Loader-->MsiExec.exe /I{18B5996A-643E-4176-9BEB-27C45C9F1FC3}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_dan.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Photos-->MsiExec.exe /I{EB938616-16BB-491E-A5A0-CA4AB4167BB4}
Nokia Software Updater-->MsiExec.exe /X{EF4F620F-F295-41D7-92C0-6B635709C850}
Norman Virus Control-->C:\Programmer\Norman\npm\bin\DelNvc5.exe
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{26BD75C5-82D3-4272-8D4D-9DE7AC51DB76}
Opdatering til Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Per-stemmen til CD-ORD-->MsiExec.exe /I{E5065B98-29B3-4796-87CF-1E2E326FC907}
Politikens Engelsk-Dansk Dansk-Engelsk Ordbog-->MsiExec.exe /I{7119F5CA-8BEE-41C5-8E6B-ABA6D3E367AA}
Politikens Retskrivnings- og Betydningsordbog-->MsiExec.exe /I{F81A6D3D-425F-4791-86DE-B8105451B64E}
Politikens Tysk-Dansk Dansk-Tysk Ordbog-->MsiExec.exe /I{1E0C468A-2860-4FBB-8598-300F25D1E6FA}
ProTrain 12 Karlsruhe - Basel 1.0-->"C:\Programmer\Microsoft Games\Train Simulator\SETUP.2\setup.exe" /u
ProTrain 14 Kassel - Frankfurt 1.0-->"C:\Programmer\Microsoft Games\Train Simulator\SETUP.3\setup.exe" /u
ProTrain 15 Bamberg-Hof 1.0-->"C:\Programmer\Microsoft Games\Train Simulator\SETUP.1\setup.exe" /u
ProTrain 16 Schwarzwaldromantik 1.0-->"C:\Programmer\Microsoft Games\Train Simulator\SETUP\setup.exe" /u
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealSpeak 4.0 Emily-->"C:\Programmer\auxilior technology\auxsolo\speech\unins001.exe"
RealSpeak 4.0 Nanna-->"C:\Programmer\auxilior technology\auxsolo\speech\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Remove Empty Directories 2.1-->C:\Programmer\Remove Empty Directories\uninst.exe
Salling Media Sync-->MsiExec.exe /I{9E80D96D-1532-463B-AE89-DEC032022E40}
sapi51redist-->MsiExec.exe /I{01B252B2-0A30-45DF-B93C-C4AE94A65303}
Sara-->MsiExec.exe /X{9CA19427-3F8B-4E4D-A7AE-CE3CA0028DD8}
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update til Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhedsopdatering til Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soft Modem with SmartCP-->C:\Programmer\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000\HXFSETUP.EXE -U -IPZONCM5K.inf
Spybot - Search & Destroy-->"C:\Programmer\Spybot - Search & Destroy\unins000.exe"
Steffi-stemmen til CD-ORD-->MsiExec.exe /I{B5399840-A02A-44EA-8041-BB6FA104F38B}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programmer\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TPB Reader 1.1 english-->C:\Programmer\TPB Reader\uninst.exe
UltraVNC v1.0.2-->"C:\Programmer\UltraVNC\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programmer\Fælles filer\DVDVideoSoft\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.4a-->C:\Programmer\VideoLAN\VLC\uninstall.exe
Vigtig opdatering til Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
WinAVI Video Converter-->"C:\Programmer\WinAVI Video Converter\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Programmer\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programmer\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-driverpakke - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows-driverpakke - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR arkivering-->C:\Programmer\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norman Security Suite ver. 7.00

======System event log======

Computer Name: VUC
Event Code: 7
Message: Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Record Number: 153464
Source Name: Disk
Time Written: 20090411102356.000000+120
Event Type: Fejl
User:

Computer Name: VUC
Event Code: 7
Message: Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Record Number: 153463
Source Name: Disk
Time Written: 20090411102354.000000+120
Event Type: Fejl
User:

Computer Name: VUC
Event Code: 7
Message: Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Record Number: 153462
Source Name: Disk
Time Written: 20090411102352.000000+120
Event Type: Fejl
User:

Computer Name: VUC
Event Code: 7
Message: Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Record Number: 153461
Source Name: Disk
Time Written: 20090411102350.000000+120
Event Type: Fejl
User:

Computer Name: VUC
Event Code: 7
Message: Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Record Number: 153460
Source Name: Disk
Time Written: 20090411102349.000000+120
Event Type: Fejl
User:

=====Application event log=====

Computer Name: VUC
Event Code: 0
Message:
Record Number: 3890
Source Name: EvtEng
Time Written: 20081011083203.000000+120
Event Type: oplysninger
User:

Computer Name: VUC
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 3889
Source Name: Adobe Active File Monitor 6.0
Time Written: 20081011083200.000000+120
Event Type:
User:

Computer Name: VUC
Event Code: 105
Message: The service was started.

Record Number: 3888
Source Name: ATI Smart
Time Written: 20081011083200.000000+120
Event Type: oplysninger
User:

Computer Name: VUC
Event Code: 2002
Message:
Record Number: 3887
Source Name: EAPOL
Time Written: 20081011000440.000000+120
Event Type: oplysninger
User:

Computer Name: VUC
Event Code: 2003
Message:
Record Number: 3886
Source Name: EAPOL
Time Written: 20081011000440.000000+120
Event Type: oplysninger
User:

=====Security event log=====

Computer Name: VUC
Event Code: 513
Message: Windows lukker.
Alle logonsessioner vil blive afsluttet ved denne lukning.

Record Number: 2635
Source Name: Security
Time Written: 20090405212355.000000+120
Event Type: overvågning lykkedes
User: NT AUTHORITY\SYSTEM

Computer Name: VUC
Event Code: 515
Message: Der er registreret en betroet logonproces hos den lokale sikkerhedsautoritet.
Denne logonproces vil være betroet til at sende logonanmodninger.




Logonprocesnavn: KSecDD

Record Number: 2634
Source Name: Security
Time Written: 20090405212343.000000+120
Event Type: overvågning lykkedes
User: NT AUTHORITY\SYSTEM

Computer Name: VUC
Event Code: 576
Message: Specielle rettigheder tildelt nyt logon:

Brugernavn: NETVÆRKSTJENESTE

Domæne: NT AUTHORITY

Logon-id: (0x0,0x3E4)

Rettigheder: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 2633
Source Name: Security
Time Written: 20090405212337.000000+120
Event Type: overvågning lykkedes
User: NT AUTHORITY\NETVÆRKSTJENESTE

Computer Name: VUC
Event Code: 528
Message: Logon lykkedes:

Brugernavn: NETVÆRKSTJENESTE

Domæne: NT AUTHORITY

Logon-id: (0x0,0x3E4)

Logontype: 5

Logonproces: Advapi

Godkendelsespakke: Negotiate

Navn på arbejdsstation:

Logon-GUID: -

Record Number: 2632
Source Name: Security
Time Written: 20090405212337.000000+120
Event Type: overvågning lykkedes
User: NT AUTHORITY\NETVÆRKSTJENESTE

Computer Name: VUC
Event Code: 551
Message: Brugerstartet logoff:

Brugernavn: aktiv

Domæne: VUC

Logon-id: (0x0,0x11067)


Record Number: 2631
Source Name: Security
Time Written: 20090405212336.000000+120
Event Type: overvågning lykkedes
User: VUC\aktiv

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programmer\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%NpmLib%;C:\Programmer\ATI Technologies\ATI.ACE\Core-Static;C:\Programmer\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"NpmLib"=C:\Programmer\Norman\Npm\Bin
"CLASSPATH"=.;C:\Programmer\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmer\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


  • 0

#4
fenzodahl512
Posted 16 April 2009 - 08:07 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.


  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Posted Image

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


How's the computer now? :)
  • 0

#5
kasperbs
Posted 17 April 2009 - 02:34 AM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Kaspersky scan report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 17, 2009 00:42:12
Records in database: 2051862
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 161536
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:35:49


File name / Threat name / Threats count
c:\windows\system32\sens.dll/c:\windows\system32\sens.dll Infected: Trojan.Win32.Patched.fh 1
C:\WINDOWS\system32\spoolsv.exe/C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.dq 1
C:\Programmer\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\WINDOWS\system32\sens.dll Infected: Trojan.Win32.Patched.fh 1
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.dq 1

The selected area was scanned.


  • 0

#6
fenzodahl512
Posted 17 April 2009 - 04:09 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks like some of the legitimate files been patched.. Lets do another scan..


Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad)

  • 0

#7
kasperbs
Posted 17 April 2009 - 07:09 AM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
DrWeb.csv

zanda.exe;c:\programmer\norman\npm\bin;Probably BACKDOOR.Trojan;Incurable.Moved.;


  • 0

#8
fenzodahl512
Posted 17 April 2009 - 08:36 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\WINDOWS\system32\sens.dll
      C:\WINDOWS\system32\spoolsv.exe
  • Click on the Upload button. You can only upload one file at a time
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.
  • 0

#9
kasperbs
Posted 17 April 2009 - 11:55 PM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
File information

File Name : spoolsv.exe
File Size : 57856 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 149a85fa474fad7e2472f06efaa85a5e
SHA1 : ef3140d51f169e5672ffdcbf7ecfff857a3a4c01

Scanner results
Scanner results : 41% Scanner(15/37) found malware!
Time : 2009/04/17 20:19:41 (CEST)
Scanner ↓ Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.0.0.32 20090415043116 2009-04-15
Virus.Win32.Patched.B!IK
2.992
AhnLab V3 2009.04.16.01 2009.04.16 2009-04-16
-
0.865
AntiVir 7.9.0.148 7.1.3.72 2009-04-17
TR/Patched.DQ.1
1.978
Antiy 2.0.18 20090417.2303116 2009-04-17
-
0.121
Authentium 5.1.1 200904171529 2009-04-17
-
1.220
AVAST! 3.0.1 090417-0 2009-04-17
Win32:Patched-IA [Trj]
0.007
AVG 7.5.52.442 270.11.59/2064 2009-04-17
-
2.023
BitDefender 7.81008.2848875 7.24857 2009-04-18
Trojan.Patched.DD
2.634
CA (VET) 9.0.0.143 31.6.6435 2009-04-14
-
5.309
ClamAV 0.95 9249 2009-04-17
-
0.018
Comodo 3.8 1115 2009-04-15
-
0.563
CP Secure 1.1.0.715 2009.04.18 2009-04-18
Troj.W32.Patched.dq
8.248
Dr.Web 4.44.0.9170 2009.04.17 2009-04-17
-
4.393
F-Prot 4.4.4.56 20090417 2009-04-17
-
1.199
F-Secure 5.51.6100 2009.04.17.07 2009-04-17
Trojan.Win32.Patched.dq [AVP]
5.204
Fortinet 2.81-3.117 10.286 2009-04-15
-
0.230
GData 19.4651/19.300 20090416 2009-04-16
Trojan.Win32.Patched.dq [Engine:A]
5.348
Ikarus T3.1.01.49 2009.04.17.72591 2009-04-17
Virus.Win32.Patched.B
2.771
JiangMin 11.0.706 2009.04.15 2009-04-15
-
1.761
Kaspersky 5.5.10 2009.04.17 2009-04-17
Trojan.Win32.Patched.dq
0.046
KingSoft 2009.2.5.15 2009.4.16.7 2009-04-16
Win32.Loader.m.46
1.005
McAfee 5.3.00 5587 2009-04-17
W32/Patcher
2.798
Microsoft 1.4502 2009.04.16 2009-04-16
Virus:Win32/Patched.B
4.691
mks_vir 2.01 2009.04.17 2009-04-17
-
0.001
Norman 6.00.06 6.00.00 2009-04-17
-
10.011
nProtect 20090415.02 3471338 2009-04-15
Trojan.Patched.DD
4.345
Panda 9.05.01 2009.04.15 2009-04-15
-
2.282
Quick Heal 10.00 2009.04.16 2009-04-16
-
1.072
Rising 20.0 21.25.30.00 2009-04-16
Trojan.Win32.Loader.m
0.820
Sophos 2.85.0 4.40 2009-04-18
-
2.370
Sunbelt 5094 5094 2009-04-15
-
0.686
Symantec 1.3.0.24 20090415.003 2009-04-15
W32.Grenail.D!inf
0.047
The Hacker 6.3.4.0 v00309 2009-04-15
-
1.359
Trend Micro 8.700-1004 5.973.00 2009-04-17
-
0.029
VBA32 3.12.10.2 20090416.1238 2009-04-16
-
1.718
ViRobot 20090414 2009.04.14 2009-04-14
-
0.413
VirusBuster 4.5.11.10 10.104.1/1259451 2009-04-17
-
1.541
NOTICE: It may be false positive by some scanners when they found a malware, so you should judge it by yourself.



File information

File Name : spoolsv.exe
File Size : 57856 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 149a85fa474fad7e2472f06efaa85a5e
SHA1 : ef3140d51f169e5672ffdcbf7ecfff857a3a4c01

Scanner results
Scanner results : 41% Scanner(15/37) found malware!
Time : 2009/04/17 20:19:41 (CEST)
Scanner ↓ Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.0.0.32 20090415043116 2009-04-15
Virus.Win32.Patched.B!IK
2.992
AhnLab V3 2009.04.16.01 2009.04.16 2009-04-16
-
0.865
AntiVir 7.9.0.148 7.1.3.72 2009-04-17
TR/Patched.DQ.1
1.978
Antiy 2.0.18 20090417.2303116 2009-04-17
-
0.121
Authentium 5.1.1 200904171529 2009-04-17
-
1.220
AVAST! 3.0.1 090417-0 2009-04-17
Win32:Patched-IA [Trj]
0.007
AVG 7.5.52.442 270.11.59/2064 2009-04-17
-
2.023
BitDefender 7.81008.2848875 7.24857 2009-04-18
Trojan.Patched.DD
2.634
CA (VET) 9.0.0.143 31.6.6435 2009-04-14
-
5.309
ClamAV 0.95 9249 2009-04-17
-
0.018
Comodo 3.8 1115 2009-04-15
-
0.563
CP Secure 1.1.0.715 2009.04.18 2009-04-18
Troj.W32.Patched.dq
8.248
Dr.Web 4.44.0.9170 2009.04.17 2009-04-17
-
4.393
F-Prot 4.4.4.56 20090417 2009-04-17
-
1.199
F-Secure 5.51.6100 2009.04.17.07 2009-04-17
Trojan.Win32.Patched.dq [AVP]
5.204
Fortinet 2.81-3.117 10.286 2009-04-15
-
0.230
GData 19.4651/19.300 20090416 2009-04-16
Trojan.Win32.Patched.dq [Engine:A]
5.348
Ikarus T3.1.01.49 2009.04.17.72591 2009-04-17
Virus.Win32.Patched.B
2.771
JiangMin 11.0.706 2009.04.15 2009-04-15
-
1.761
Kaspersky 5.5.10 2009.04.17 2009-04-17
Trojan.Win32.Patched.dq
0.046
KingSoft 2009.2.5.15 2009.4.16.7 2009-04-16
Win32.Loader.m.46
1.005
McAfee 5.3.00 5587 2009-04-17
W32/Patcher
2.798
Microsoft 1.4502 2009.04.16 2009-04-16
Virus:Win32/Patched.B
4.691
mks_vir 2.01 2009.04.17 2009-04-17
-
0.001
Norman 6.00.06 6.00.00 2009-04-17
-
10.011
nProtect 20090415.02 3471338 2009-04-15
Trojan.Patched.DD
4.345
Panda 9.05.01 2009.04.15 2009-04-15
-
2.282
Quick Heal 10.00 2009.04.16 2009-04-16
-
1.072
Rising 20.0 21.25.30.00 2009-04-16
Trojan.Win32.Loader.m
0.820
Sophos 2.85.0 4.40 2009-04-18
-
2.370
Sunbelt 5094 5094 2009-04-15
-
0.686
Symantec 1.3.0.24 20090415.003 2009-04-15
W32.Grenail.D!inf
0.047
The Hacker 6.3.4.0 v00309 2009-04-15
-
1.359
Trend Micro 8.700-1004 5.973.00 2009-04-17
-
0.029
VBA32 3.12.10.2 20090416.1238 2009-04-16
-
1.718
ViRobot 20090414 2009.04.14 2009-04-14
-
0.413
VirusBuster 4.5.11.10 10.104.1/1259451 2009-04-17
-
1.541
NOTICE: It may be false positive by some scanners when they found a malware, so you should judge it by yourself.


  • 0

#10
fenzodahl512
Posted 18 April 2009 - 12:58 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
spoolsv.exe
sens.dll
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

  • 0

Advertisements

#11
kasperbs
Posted 18 April 2009 - 02:58 PM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

SystemLook v1.0 by jpshortstuff (14.04.09)
Log created at 20:28 on 18/04/2009 by aktiv (Administrator - Elevation successful)

========== filefind ==========

Searching for "spoolsv.exe"
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --a--- 57856 bytes [00:17 11/06/2005] [00:17 11/06/2005] AD3D9D191AEA7B5445FE1D82FFBB4788
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe -----c 57856 bytes [16:46 25/08/2008] [23:53 10/06/2005] DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe --a--c 57856 bytes [08:53 23/09/2007] [12:00 27/08/2004] FD532707B4C012B2B73A8104EC7D510A
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe ------ 57856 bytes [16:06 14/04/2008] [16:06 14/04/2008] E06D0A59737CF479466A86AB5E2A0B6B
C:\WINDOWS\system32\spoolsv.exe --a--- 57856 bytes [12:00 27/08/2004] [16:06 14/04/2008] 149A85FA474FAD7E2472F06EFAA85A5E

Searching for "sens.dll"
C:\WINDOWS\$NtServicePackUninstall$\sens.dll -----c 38912 bytes [16:46 25/08/2008] [12:00 27/08/2004] 073486C13324C301FCF3EE568029F2EB
C:\WINDOWS\ServicePackFiles\i386\sens.dll ------ 39424 bytes [16:05 14/04/2008] [16:05 14/04/2008] 1DDA52FBBD05D3FA61A209447FA54AEF
C:\WINDOWS\system32\sens.dll --a--- 39424 bytes [12:00 27/08/2004] [16:05 14/04/2008] 5717EC4E2854577B8CA2992E1A93F70E

-=End Of File=-


  • 0

#12
fenzodahl512
Posted 18 April 2009 - 07:31 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok, lets do another strong scan...



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..
  • 0

#13
kasperbs
Posted 19 April 2009 - 03:56 AM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
There are no instructions on how to disable Norman Anti Virus, there is no icon in the tray and I can't identify the right process?

Edited by kasperbs, 19 April 2009 - 03:57 AM.

  • 0

#14
fenzodahl512
Posted 19 April 2009 - 04:31 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Save ComboFix to your Desktop and do below..


Go to Start >> Run >> copy/paste below >> Enter

"%userprofile%\desktop\combofix.exe" /killall

It will run ComboFix via special mode.. Let it run and don't do anything with your computer..

When finished, it shall produce a log for you. Post that log in your next reply.
  • 0

#15
kasperbs
Posted 19 April 2009 - 04:51 AM

kasperbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I tried that but it doesn't seem to have any effect, I still get the same error message.

Posted Image

If I close the window, another one appear with a similar message, closing that will run combofix.exe but I haven't completed that scan because of the error messages.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP