[code] OTScanIt2 logfile created on: 2009-01-04 20:05:12 - Run 1 OTScanIt2 by OldTimer - Version 1.0.5.0 Folder = C:\Documents and Settings\HP_Ägaren\Skrivbord\OTScanIt2 Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd 1023,29 Mb Total Physical Memory | 597,85 Mb Available Physical Memory | 58,42% Memory free 2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,76% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Drive C: | 227,79 Gb Total Space | 179,52 Gb Free Space | 78,81% Space Free | Partition Type: NTFS Drive D: | 5,08 Gb Total Space | 1,32 Gb Free Space | 25,98% Space Free | Partition Type: FAT32 Unable to calculate disk information. F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 137,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDERS Current User Name: HP_Ägaren Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days [Processes - Safe List] aawservice.exe -> %SystemDrive%\MiniProgram\AdAware 2008\aawservice.exe -> [2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> [2005-03-04 11:01:56 | 00,088,209 | ---- | M] (Agere Systems) avgas.exe -> %SystemDrive%\MiniProgram\AVG Anti-Spyware 7.5\avgas.exe -> [2007-06-11 10:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> [2003-06-18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) cthelper.exe -> %SystemRoot%\system32\CTHELPER.EXE -> [2003-11-14 01:18:38 | 00,024,576 | ---- | M] (Creative Technology Ltd) ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999-12-13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) egui.exe -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe -> [2007-11-14 15:05:24 | 01,410,304 | ---- | M] (ESET) ekrn.exe -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2007-11-14 15:05:50 | 00,455,936 | ---- | M] (ESET) eraser.exe -> %SystemDrive%\Temporary Programs\Eraser\eraser.exe -> [2006-08-07 22:07:30 | 00,634,880 | ---- | M] (Heidi Computers Ltd) guard.exe -> %SystemDrive%\MiniProgram\AVG Anti-Spyware 7.5\guard.exe -> [2007-05-30 13:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) hphmon06.exe -> %SystemRoot%\system32\hphmon06.exe -> [2004-06-07 19:31:22 | 00,659,456 | ---- | M] (Hewlett-Packard) hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2004-05-29 05:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> [1998-05-07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> [2007-09-25 00:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> [2003-02-11 20:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2004-09-23 17:29:26 | 00,038,912 | ---- | M] () mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) mspmspsv.exe -> %SystemRoot%\system32\MsPMSPSv.exe -> [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2007-12-05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> [2003-05-08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) otscanit2.exe -> %UserProfile%\Skrivbord\OTScanIt2\OTScanIt2.exe -> [2009-01-03 12:44:42 | 00,485,888 | ---- | M] (OldTimer Tools) pchbutton.exe -> %ProgramFiles%\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe -> [2005-01-01 22:49:36 | 00,159,744 | ---- | M] (Motive Communications, Inc.) qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2005-01-01 22:40:57 | 00,098,304 | ---- | M] (Apple Computer, Inc.) rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004-08-04 04:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) schsvr.exe -> %CommonProgramFiles%\InterVideo\SchSvr\SchSvr.exe -> [2004-09-23 10:22:16 | 00,106,496 | ---- | M] (InterVideo Inc.) starwindservice.exe -> %SystemDrive%\Temporary Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> [2005-04-02 00:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) wacom_tablet.exe -> %SystemRoot%\system32\Wacom_Tablet.exe -> [2007-09-07 19:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) wacom_tablet.exe -> %SystemRoot%\system32\Wacom_Tablet.exe -> [2007-09-07 19:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) wacom_tabletuser.exe -> %SystemRoot%\system32\WTablet\Wacom_TabletUser.exe -> [2007-09-07 19:40:34 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005-01-28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) winremote.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinRemote.exe -> [2004-10-19 11:28:22 | 00,192,512 | ---- | M] (InterVideo Inc.) wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %SystemDrive%\MiniProgram\AdAware 2008\aawservice.exe -> [2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) (Automatisk LiveUpdate-schemaläggare) Automatisk LiveUpdate-schemaläggare [Win32_Own | Auto | Stopped] -> -> File not found (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %SystemDrive%\MiniProgram\AVG Anti-Spyware 7.5\guard.exe -> [2007-05-30 13:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999-12-13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) (EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2007-11-14 15:07:52 | 00,018,176 | ---- | M] () (ekrn) Eset Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2007-11-14 15:05:50 | 00,455,936 | ---- | M] (ESET) (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008-04-07 17:53:06 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004-08-04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2004-09-23 17:29:26 | 00,038,912 | ---- | M] () (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2007-12-05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) (StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %SystemDrive%\Temporary Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> [2005-04-02 00:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) (TabletServiceWacom) TabletServiceWacom [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Wacom_Tablet.exe -> [2007-09-07 19:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) (UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005-01-28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) (WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\MsPMSPSv.exe -> [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2005-03-04 11:02:20 | 01,066,278 | ---- | M] (Agere Systems) (AmdK7) AMD K7-processordrivrutin [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\amdk7.sys -> [2004-08-04 11:00:00 | 00,041,344 | ---- | M] (Microsoft Corporation) (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %SystemDrive%\MiniProgram\AVG Anti-Spyware 7.5\guard.sys -> [2007-05-30 13:10:42 | 00,011,000 | ---- | M] () (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> [2007-05-30 13:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) (Cap7134) ASUS TV7134 WDM Video Capture [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Cap7134.sys -> [2004-06-23 20:34:56 | 00,334,432 | ---- | M] (asus) (ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> [2003-11-14 00:59:18 | 00,645,360 | ---- | M] (Creative Technology Ltd) (ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> [2004-02-06 17:37:04 | 00,366,480 | ---- | M] (Creative Technology Ltd) (ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> [2003-11-13 03:11:54 | 00,333,600 | ---- | M] (Creative Technology Ltd) (ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> [2003-11-14 01:01:10 | 00,006,096 | ---- | M] (Creative Technology Ltd) (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> [2003-11-14 01:01:38 | 00,130,288 | ---- | M] (Creative Technology Ltd) (eamon) eamon [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\eamon.sys -> [2007-11-14 15:03:52 | 00,033,800 | ---- | M] (Eset ) (easdrv) easdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\easdrv.sys -> [2007-11-14 15:04:14 | 00,027,656 | ---- | M] (ESET) (EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\el90xbc5.sys -> [2001-08-18 04:11:06 | 00,066,591 | ---- | M] (3Com Corporation) (ELECTRO) ELECTRO [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\electro.sys -> [2002-05-08 21:28:36 | 00,034,260 | R--- | M] (Clavia DMI AB) (emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> [2003-11-14 01:01:52 | 00,145,488 | ---- | M] (Creative Technology Ltd) (epfwtdir) epfwtdir [Kernel | System | Running] -> %SystemRoot%\system32\drivers\epfwtdir.sys -> [2007-11-14 15:06:38 | 00,030,728 | ---- | M] () (FsVga) FsVga [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fsvga.sys -> [2004-08-04 11:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) (ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha10kx2k.sys -> [2003-11-14 00:57:40 | 00,904,496 | ---- | M] (Creative Technology Ltd) (hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\haP16v2k.sys -> [2003-11-14 00:58:10 | 00,148,432 | ---- | M] (Creative Technology Ltd) (ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2004-08-20 23:26:00 | 00,737,874 | ---- | M] (Intel Corporation) (Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> [2003-09-10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) (kbdhid) HID-drivrutin för tangentbord [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004-08-04 01:18:48 | 00,014,848 | ---- | M] (Microsoft Corporation) (NMG2USB) NMG2USB [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmg2usb.sys -> [2003-11-12 09:34:18 | 00,019,880 | R--- | M] (Clavia DMI AB) (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2007-12-05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2003-11-14 01:01:02 | 00,178,672 | ---- | M] (Creative Technology Ltd.) (Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> [2003-09-19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) (PhTVTune) ASUS WDM TV Tuner [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PhTVTune.sys -> [2004-05-27 18:49:14 | 00,024,608 | ---- | M] (Philips Semiconductors) (Ps2) Ps2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PS2.sys -> [2001-06-04 14:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004-08-04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005-01-01 22:14:50 | 00,020,576 | ---- | M] (Sonic Solutions) (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\R8139n51.sys -> [2002-10-04 17:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (SiS315) SiS315 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisgrp.sys -> [2004-09-29 22:55:50 | 00,229,888 | ---- | M] (Silicon Integrated Systems Corporation) (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> [2003-07-18 16:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) (SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srvkp.sys -> [2004-09-24 10:38:40 | 00,012,928 | ---- | M] (Silicon Integrated Systems Corporation) (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2005-06-27 21:15:50 | 00,004,608 | ---- | M] (Symantec Corporation) (Vax347b) Vax347b [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347b.sys -> [2005-04-25 09:43:58 | 00,159,616 | ---- | M] ( ) (Vax347s) Vax347s [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347s.sys -> [2004-04-30 08:33:00 | 00,005,248 | ---- | M] ( ) (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> [2003-07-02 11:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) (viagfx) viagfx [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vtmini.sys -> [2004-09-23 17:52:20 | 00,173,312 | ---- | M] (Copyright (C) VIA/S3 Graphics Co, Ltd.) (wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacommousefilter.sys -> [2007-02-16 20:12:36 | 00,011,312 | ---- | M] (Wacom Technology) (wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacomvhid.sys -> [2007-02-16 19:30:12 | 00,012,848 | ---- | M] (Wacom Technology) (WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WacomVKHid.sys -> [2007-02-16 01:11:28 | 00,011,440 | ---- | M] (Wacom Technology) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"OCustomizeSearch" -> http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766} -> HKEY_LOCAL_MACHINE\: Search\\"OSearchAssistant" -> http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766} -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.se/ -> HKEY_CURRENT_USER\: SearchURL\\"provider" -> -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: Main\\"Page_Transitions" -> -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: Main\\"Search Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: Main\\"Start Page" -> http://www.google.se/ -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: SearchURL\\"provider" -> -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\: "ProxyOverride" -> *.local -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\HP_Ägaren\Application Data\Mozilla\FireFox\Profiles\fzsrrstk.default\prefs.js -> browser.search.selectedEngine -> "Google" -> browser.startup.homepage_override.mstone -> "rv:1.8.1.20" -> < HOSTS File > (710 bytes and 18 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006-12-18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> [2007-09-25 00:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "" [HKLM] -> Reg Error: Key does not exist or could not be opened. [ScriptInocUI Class] -> File not found "{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [2004-04-16 18:43:12 | 00,405,504 | ---- | M] () "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP-vy] -> [2003-11-21 12:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP-vy] -> [2003-11-21 12:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company) WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP-vy] -> [2003-11-21 12:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP-vy] -> [2003-11-21 12:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company) WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP-vy] -> [2003-11-21 12:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "!AVG Anti-Spyware" -> %SystemDrive%\MiniProgram\AVG Anti-Spyware 7.5\avgas.exe ["C:\MiniProgram\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> [2007-06-11 10:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) "AGRSMMSG" -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> [2005-03-04 11:01:56 | 00,088,209 | ---- | M] (Agere Systems) "CTDVDDET" -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE] -> [2003-06-18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) "CTHelper" -> %SystemRoot%\system32\CTHELPER.EXE [CTHELPER.EXE] -> [2003-11-14 01:18:38 | 00,024,576 | ---- | M] (Creative Technology Ltd) "egui" -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2007-11-14 15:05:24 | 01,410,304 | ---- | M] (ESET) "Home Theater SchSvr" -> %CommonProgramFiles%\InterVideo\SchSvr\SchSvr.exe ["C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"] -> [2004-09-23 10:22:16 | 00,106,496 | ---- | M] (InterVideo Inc.) "HPHmon06" -> %SystemRoot%\system32\hphmon06.exe [C:\WINDOWS\system32\hphmon06.exe] -> [2004-06-07 19:31:22 | 00,659,456 | ---- | M] (Hewlett-Packard) "HPHUPD06" -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe] -> [2004-06-07 19:34:50 | 00,049,152 | ---- | M] (Hewlett-Packard) "hpsysdrv" -> %SystemRoot%\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> [1998-05-07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) "IgfxTray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2004-08-20 22:55:14 | 00,155,648 | ---- | M] (Intel Corporation) "KBD" -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> [2003-02-11 20:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) "LSBWatcher" -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe] -> [2004-10-14 21:54:32 | 00,253,952 | ---- | M] (Hewlett-Packard Company) "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007-12-05 01:41:00 | 08,523,776 | ---- | M] (NVIDIA Corporation) "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2007-12-05 01:41:00 | 01,626,112 | ---- | M] () "NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2007-12-05 01:41:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) "OpwareSE2" -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe ["C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"] -> [2003-05-08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) "PS2" -> %SystemRoot%\system32\ps2.EXE [C:\WINDOWS\system32\ps2.exe] -> [2002-10-16 16:57:10 | 00,081,920 | ---- | M] (Hewlett-Packard Company) "QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program\QuickTime\qttask.exe" -atboottime] -> [2005-01-01 22:40:57 | 00,098,304 | ---- | M] (Apple Computer, Inc.) "Recguard" -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2004-04-14 20:43:46 | 00,233,472 | ---- | M] () "SiSPower" -> %SystemRoot%\system32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> [2004-09-24 09:49:34 | 00,049,152 | ---- | M] (Silicon Integrated Systems Corporation) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program\Java\jre1.6.0_03\bin\jusched.exe"] -> [2007-09-25 00:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) "UpdReg" -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000-05-11 01:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.) "WINCINEMAMGR" -> %ProgramFiles%\InterVideo\Common\Bin\WinRemote.exe [C:\Program\InterVideo\Common\Bin\WinRemote.exe] -> [2004-10-19 11:28:22 | 00,192,512 | ---- | M] (InterVideo Inc.) "WINREMOTE" -> %ProgramFiles%\InterVideo\Common\Bin\WinRemote.exe [C:\Program\InterVideo\Common\Bin\WinRemote.exe] -> [2004-10-19 11:28:22 | 00,192,512 | ---- | M] (InterVideo Inc.) "VTTimer" -> [VTTimer.exe] -> File not found < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acme.PCHButton" -> %ProgramFiles%\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe [C:\Program\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\pchbutton.exe] -> [2005-01-01 22:49:36 | 00,159,744 | ---- | M] (Motive Communications, Inc.) "Eraser" -> %SystemDrive%\Temporary Programs\Eraser\eraser.exe [C:\Temporary Programs\Eraser\eraser.exe -hide] -> [2006-08-07 22:07:30 | 00,634,880 | ---- | M] (Heidi Computers Ltd) "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program\Messenger\msmsgs.exe" /background] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) "updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006-03-30 16:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated) < RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "CMSRegOW.exe" -> %ProgramFiles%\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe ["C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r] -> [2003-06-16 01:00:00 | 00,057,344 | ---- | M] (Creative Technology Ltd) "SetDefaultMIDI" -> %SystemRoot%\MIDIDEF.EXE [MIDIDEF.EXE] -> [2003-06-21 02:13:46 | 00,049,152 | ---- | M] (Creative Technology Ltd) "StartMS" -> ["C:\Program\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s] -> File not found < RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "CMSRegOW.exe" -> %ProgramFiles%\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe ["C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r] -> [2003-06-16 01:00:00 | 00,057,344 | ---- | M] (Creative Technology Ltd) "SetDefaultMIDI" -> %SystemRoot%\MIDIDEF.EXE [MIDIDEF.EXE] -> [2003-06-21 02:13:46 | 00,049,152 | ---- | M] (Creative Technology Ltd) "StartMS" -> ["C:\Program\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s] -> File not found < Run [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acme.PCHButton" -> %ProgramFiles%\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe [C:\Program\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\pchbutton.exe] -> [2005-01-01 22:49:36 | 00,159,744 | ---- | M] (Motive Communications, Inc.) "Eraser" -> %SystemDrive%\Temporary Programs\Eraser\eraser.exe [C:\Temporary Programs\Eraser\eraser.exe -hide] -> [2006-08-07 22:07:30 | 00,634,880 | ---- | M] (Heidi Computers Ltd) "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program\Messenger\msmsgs.exe" /background] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) "updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006-03-30 16:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start-meny\Program\Autostart -> %AllUsersProfile%\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005-09-23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) %AllUsersProfile%\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2004-05-29 05:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) %AllUsersProfile%\Start-meny\Program\Autostart\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001-02-13 10:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start-meny\Program\Autostart -> < HP_Ägaren Startup Folder > -> C:\Documents and Settings\HP_Ägaren\Start-meny\Program\Autostart -> < User Startup Folder > -> C:\Documents and Settings\User\Start-meny\Program\Autostart -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableRegistryTools" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [91 00 00 00 [binary data]] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [91 00 00 00 [binary data]] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableRegistryTools" -> [0] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xportera till Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000] -> [2001-02-16 10:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation) Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xportera till Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000] -> [2001-02-16 10:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation) Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll [res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html] -> [2004-04-16 18:42:08 | 00,200,704 | ---- | M] () < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Menu: Sun Java-konsol] -> [2007-09-25 00:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java-konsol] -> [2007-09-25 00:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) CmdMapping\\"{34D67ED2-C837-4627-838C-2264E347D291}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{5D73EE86-05F1-49ed-B850-E423120EC338}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{B7707A72-4355-11D4-82BD-00000EBBEF8D}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java-konsol] -> [2007-09-25 00:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java-konsol] -> [2007-09-25 00:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java-konsol] -> [2007-09-25 00:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) CmdMapping\\"{34D67ED2-C837-4627-838C-2264E347D291}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{5D73EE86-05F1-49ed-B850-E423120EC338}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{B7707A72-4355-11D4-82BD-00000EBBEF8D}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX-galleri -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\] > -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-750018836-4252786669-3398141654-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [HKLM] -> http://www.musicnotes.com/download/mnviewer.cab[Musicnotes Viewer] -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab[a-squared Scanner] -> {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab[Java Plug-in 1.4.0] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.popcap.com/games/popcaploader_v6.cab[PopCapLoader Object] -> {EB6D7E70-AAA9-40D9-BA05-F214089F2275} [HKLM] -> http://www.clickteam.com/vitalize3/vitalize.cab[Reg Error: Key does not exist or could not be opened.] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {38FDA2C0-466D-47FF-A4F2-CE2AD686A080} -> (1394 Net Adapter) -> {C76DB313-C21D-4569-9C4B-C93B1F4569C7} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {F751C8D1-D36A-4CB8-97FF-753FFA75C460} -> () -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2004-08-20 22:50:54 | 00,344,064 | ---- | M] (Intel Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" [HKLM] -> %SystemDrive%\MiniProgram\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> [2007-05-30 13:29:58 | 00,079,408 | ---- | M] (GRISOFT s.r.o.) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%ProgramFiles%\iTunes\iTunes.exe" -> C:\Program\iTunes\iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> File not found "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004-08-04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004-08-04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program\Bonjour\mDNSResponder.exe" -> C:\Program\Bonjour\mDNSResponder.exe [C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) "C:\Temporary Programs\LimeWire\LimeWire.exe" -> C:\Temporary Programs\LimeWire\LimeWire.exe [C:\Temporary Programs\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found "C:\Temporary Programs\uTorrent\utorrent.exe" -> C:\Temporary Programs\uTorrent\utorrent.exe [C:\Temporary Programs\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM-drivrutin -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004-08-04 04:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005-01-01 20:48:46 | 00,000,000 | ---- | M] () D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001-07-28 06:07:38 | 00,000,000 | -HS- | M] () D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004-04-30 22:01:14 | 00,000,053 | -HS- | M] () M:\Autorun.inf [[Autorun] | open=install.exe | icon=bunka\th095.exe | ] -> M:\Autorun.inf [ CDFS ] -> [2005-12-29 16:00:00 | 00,000,051 | R--- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \K HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell \K\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command \K\Shell\AutoRun\command\\"" -> K:\LaunchU3.exe [K:\LaunchU3.exe -a] -> File not found \{35c8db25-4da5-11dd-9dd4-0011d84964c2} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c8db25-4da5-11dd-9dd4-0011d84964c2}\Shell\AutoRun\command \{35c8db25-4da5-11dd-9dd4-0011d84964c2}\Shell\AutoRun\command\\"" -> K:\wd_windows_tools\WDSetup.exe [K:\wd_windows_tools\WDSetup.exe] -> File not found [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2008-12-26 17:38:23 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program firefox.exe, version 1.8.20081.21709, felaktig modul npswf32.dll, version 9.0.45.0, felaktig adress 0x0014af1a. Application [ Error ] 2008-12-26 18:57:34 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program th095.exe, version 0.0.0.0, felaktig modul th095.exe, version 0.0.0.0, felaktig adress 0x0000858c. Application [ Error ] 2008-12-27 07:45:29 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program isuninst.exe, version 5.51.138.0, felaktig modul _detmp.2, version 0.0.0.0, felaktig adress 0x00003e8c. Application [ Error ] 2008-12-27 10:38:02 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program pchnotify.exe, version 0.0.0.0, felaktig modul kernel32.dll, version 5.1.2600.3119, felaktig adress 0x00012a5b. Application [ Error ] 2008-12-27 12:26:17 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program firefox.exe, version 1.8.20081.21709, felaktig modul npswf32.dll, version 9.0.45.0, felaktig adress 0x0007ff65. Application [ Error ] 2008-12-27 18:37:48 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program iexplore.exe, version 6.0.2900.2180, felaktig modul toolband.dll, version 2.5.0.25, felaktig adress 0x0001eb2a. Application [ Error ] 2008-12-28 12:33:12 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program th095.exe, version 0.0.0.0, felaktig modul th095.exe, version 0.0.0.0, felaktig adress 0x0001ba10. Application [ Error ] 2009-01-01 18:10:21 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program firefox.exe, version 1.8.20081.21709, felaktig modul npswf32.dll, version 9.0.45.0, felaktig adress 0x0014af1a. Application [ Error ] 2009-01-01 18:11:42 Computer Name = ANDERS | Source = Application Error | ID = 1000 -> Description = Felaktigt program firefox.exe, version 1.8.20081.21709, felaktig modul npswf32.dll, version 9.0.45.0, felaktig adress 0x000486b2. Application [ Error ] 2009-01-02 20:06:08 Computer Name = ANDERS | Source = TabletServiceWacom | ID = 0 -> Description = System [ Error ] 2008-12-31 06:37:02 Computer Name = ANDERS | Source = Service Control Manager | ID = 7000 -> Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: %%3 System [ Error ] 2008-12-31 18:56:29 Computer Name = ANDERS | Source = Service Control Manager | ID = 7000 -> Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: %%3 System [ Error ] 2009-01-01 07:00:14 Computer Name = ANDERS | Source = Dhcp | ID = 1002 -> Description = IP-adresslånet 192.168.0.2 för det nätverkskort som har nätverksadressen 0011D84964C2 har nekats av DHCP-servern 192.168.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande). System [ Error ] 2009-01-01 07:01:42 Computer Name = ANDERS | Source = Service Control Manager | ID = 7000 -> Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: %%3 System [ Error ] 2009-01-02 12:27:16 Computer Name = ANDERS | Source = Dhcp | ID = 1002 -> Description = IP-adresslånet 192.168.0.2 för det nätverkskort som har nätverksadressen 0011D84964C2 har nekats av DHCP-servern 192.168.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande). System [ Error ] 2009-01-02 12:28:48 Computer Name = ANDERS | Source = Service Control Manager | ID = 7000 -> Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: %%3 System [ Error ] 2009-01-03 06:39:36 Computer Name = ANDERS | Source = Dhcp | ID = 1002 -> Description = IP-adresslånet 192.168.0.2 för det nätverkskort som har nätverksadressen 0011D84964C2 har nekats av DHCP-servern 192.168.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande). System [ Error ] 2009-01-03 06:41:09 Computer Name = ANDERS | Source = Service Control Manager | ID = 7000 -> Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: %%3 System [ Error ] 2009-01-04 07:18:23 Computer Name = ANDERS | Source = Dhcp | ID = 1002 -> Description = IP-adresslånet 192.168.0.2 för det nätverkskort som har nätverksadressen 0011D84964C2 har nekats av DHCP-servern 192.168.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande). System [ Error ] 2009-01-04 07:19:47 Computer Name = ANDERS | Source = Service Control Manager | ID = 7000 -> Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: %%3 [Files/Folders - Created Within 30 Days] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> OTScanIt2 -> %UserProfile%\Skrivbord\OTScanIt2 -> [2009-01-04 20:01:21 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Skrivbord\OTScanIt2.exe -> [2009-01-04 19:59:36 | 00,657,248 | ---- | C] () HijackThis.lnk -> %UserProfile%\Skrivbord\HijackThis.lnk -> [2009-01-01 01:52:22 | 00,001,557 | ---- | C] () Malwarebytes -> %AppData%\Malwarebytes -> [2009-01-01 00:23:14 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009-01-01 00:23:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Skrivbord\Malwarebytes' Anti-Malware.lnk -> [2009-01-01 00:23:13 | 00,000,681 | ---- | C] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009-01-01 00:23:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009-01-01 00:23:09 | 00,000,000 | ---D | C] Ad-Watch.lnk -> %AllUsersProfile%\Skrivbord\Ad-Watch.lnk -> [2008-12-27 12:59:10 | 00,000,693 | ---- | C] () Ad-Aware.lnk -> %AllUsersProfile%\Skrivbord\Ad-Aware.lnk -> [2008-12-27 12:59:10 | 00,000,693 | ---- | C] () Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008-12-27 12:57:33 | 00,000,000 | ---D | C] _detmp.2 -> %SystemRoot%\_detmp.2 -> [2008-12-27 12:45:14 | 00,204,861 | ---- | C] () _detmp.1 -> %SystemRoot%\_detmp.1 -> [2008-12-27 12:45:14 | 00,196,352 | ---- | C] () ESET -> %UserProfile%\Lokala inställningar\Application Data\ESET -> [2008-12-27 03:45:20 | 00,000,000 | ---D | C] “Œ•û•¶‰Ô’Ÿ -> %ProgramFiles%\“Œ•û•¶‰Ô’Ÿ -> [2008-12-26 16:06:05 | 00,000,000 | ---D | C] Microsoft Help -> %UserProfile%\Lokala inställningar\Application Data\Microsoft Help -> [2008-12-25 12:57:45 | 00,000,000 | ---D | C] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [2008-12-25 12:57:22 | 00,000,000 | ---D | C] Microsoft SDKs -> %ProgramFiles%\Microsoft SDKs -> [2008-12-25 12:56:56 | 00,000,000 | ---D | C] Install Microsoft Visual C# 2008 Express Edition with SP1.lnk -> %UserProfile%\Skrivbord\Install Microsoft Visual C# 2008 Express Edition with SP1.lnk -> [2008-12-25 02:15:06 | 00,000,967 | ---- | C] () XPSViewer -> %SystemRoot%\System32\XPSViewer -> [2008-12-25 01:02:12 | 00,000,000 | ---D | C] MSBuild -> %ProgramFiles%\MSBuild -> [2008-12-25 01:02:08 | 00,000,000 | ---D | C] en-US -> %SystemRoot%\System32\en-US -> [2008-12-25 01:02:06 | 00,000,000 | ---D | C] Reference Assemblies -> %ProgramFiles%\Reference Assemblies -> [2008-12-25 01:01:59 | 00,000,000 | ---D | C] xpssvcs.dll -> %SystemRoot%\System32\xpssvcs.dll -> [2008-12-25 01:01:02 | 01,676,288 | ---- | C] (Microsoft Corporation) xpssvcs.dll -> %SystemRoot%\System32\dllcache\xpssvcs.dll -> [2008-12-25 01:01:02 | 01,676,288 | ---- | C] (Microsoft Corporation) printfilterpipelinesvc.exe -> %SystemRoot%\System32\dllcache\printfilterpipelinesvc.exe -> [2008-12-25 01:01:02 | 00,597,504 | ---- | C] (Microsoft Corporation) xpsshhdr.dll -> %SystemRoot%\System32\xpsshhdr.dll -> [2008-12-25 01:01:02 | 00,575,488 | ---- | C] (Microsoft Corporation) xpsshhdr.dll -> %SystemRoot%\System32\dllcache\xpsshhdr.dll -> [2008-12-25 01:01:02 | 00,575,488 | ---- | C] (Microsoft Corporation) prntvpt.dll -> %SystemRoot%\System32\prntvpt.dll -> [2008-12-25 01:01:02 | 00,117,760 | ---- | C] (Microsoft Corporation) filterpipelineprintproc.dll -> %SystemRoot%\System32\dllcache\filterpipelineprintproc.dll -> [2008-12-25 01:01:02 | 00,089,088 | ---- | C] (Microsoft Corporation) 1116d7277f93f9472b83 -> %SystemDrive%\1116d7277f93f9472b83 -> [2008-12-25 01:01:01 | 00,000,000 | ---D | C] MSXML 6.0 -> %ProgramFiles%\MSXML 6.0 -> [2008-12-25 00:56:45 | 00,000,000 | ---D | C] 9e2500133df8c2bc46db27414675e8 -> %SystemDrive%\9e2500133df8c2bc46db27414675e8 -> [2008-12-25 00:50:30 | 00,000,000 | ---D | C] Touhou English.lnk -> %UserProfile%\Skrivbord\Touhou English.lnk -> [2008-12-22 21:42:20 | 00,000,759 | ---- | C] () that1jpg.jpg -> %UserProfile%\Skrivbord\that1jpg.jpg -> [2008-12-22 01:19:30 | 00,508,349 | ---- | C] () that.jpg -> %UserProfile%\Skrivbord\that.jpg -> [2008-12-22 01:06:29 | 00,141,771 | ---- | C] () Överklaga1.doc -> %UserProfile%\Mina dokument\Överklaga1.doc -> [2008-12-15 18:36:38 | 00,020,992 | ---- | C] () [Files/Folders - Modified Within 30 Days] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 24 C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\*.tmp files -> C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\*.tmp -> 24 C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\*.tmp files -> C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\*.tmp -> OTScanIt2.exe -> %UserProfile%\Skrivbord\OTScanIt2.exe -> [2009-01-04 19:59:57 | 00,657,248 | ---- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009-01-04 18:38:57 | 00,054,156 | -H-- | M] () hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [2009-01-04 12:20:28 | 00,000,188 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009-01-04 12:18:29 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009-01-04 12:18:22 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009-01-04 12:18:19 | 10,730,74176 | -HS- | M] () ntuser.dat -> %UserProfile%\ntuser.dat -> [2009-01-04 03:09:25 | 13,631,488 | ---- | M] () BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> [2009-01-04 03:09:24 | 00,030,888 | ---- | M] () BMXState-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> %SystemRoot%\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> [2009-01-04 03:09:24 | 00,030,888 | ---- | M] () BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> [2009-01-04 03:09:24 | 00,029,952 | ---- | M] () BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-20051102}.rfx -> [2009-01-04 03:09:24 | 00,029,952 | ---- | M] () settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2009-01-04 03:09:24 | 00,001,080 | ---- | M] () settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2009-01-04 03:09:24 | 00,001,080 | ---- | M] () DVCStateBkp-{00000003-00000000-00000006-00001102-00000004-20051102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000003-00000000-00000006-00001102-00000004-20051102}.dat -> [2009-01-04 03:09:24 | 00,000,384 | ---- | M] () DVCState-{00000003-00000000-00000006-00001102-00000004-20051102}.dat -> %SystemRoot%\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-20051102}.dat -> [2009-01-04 03:09:24 | 00,000,384 | ---- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2009-01-04 03:09:15 | 00,000,304 | -HS- | M] () {00000003-00000000-00000006-00001102-00000004-20051102}.CDF -> %SystemRoot%\{00000003-00000000-00000006-00001102-00000004-20051102}.CDF -> [2009-01-04 03:08:47 | 04,932,268 | ---- | M] () Skärmförstoraren.lnk -> %UserProfile%\Skrivbord\Skärmförstoraren.lnk -> [2009-01-01 14:47:58 | 00,001,518 | ---- | M] () HijackThis.lnk -> %UserProfile%\Skrivbord\HijackThis.lnk -> [2009-01-01 01:52:22 | 00,001,557 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Skrivbord\Malwarebytes' Anti-Malware.lnk -> [2009-01-01 00:23:13 | 00,000,681 | ---- | M] () imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008-12-31 23:22:13 | 00,001,393 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008-12-31 23:18:56 | 00,004,617 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008-12-31 23:18:56 | 00,004,232 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008-12-31 14:31:57 | 00,120,320 | ---- | M] () IconCache.db -> %UserProfile%\Lokala inställningar\Application Data\IconCache.db -> [2008-12-31 03:23:58 | 02,112,368 | -H-- | M] () ODBC.INI -> %SystemRoot%\ODBC.INI -> [2008-12-29 12:51:46 | 00,000,383 | ---- | M] () Ad-Watch.lnk -> %AllUsersProfile%\Skrivbord\Ad-Watch.lnk -> [2008-12-27 12:59:10 | 00,000,693 | ---- | M] () Ad-Aware.lnk -> %AllUsersProfile%\Skrivbord\Ad-Aware.lnk -> [2008-12-27 12:59:10 | 00,000,693 | ---- | M] () Sierra.ini -> %SystemRoot%\Sierra.ini -> [2008-12-27 12:45:25 | 00,000,602 | ---- | M] () FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008-12-26 11:52:05 | 01,501,672 | ---- | M] () GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT -> [2008-12-25 22:32:53 | 00,052,720 | ---- | M] () Install Microsoft Visual C# 2008 Express Edition with SP1.lnk -> %UserProfile%\Skrivbord\Install Microsoft Visual C# 2008 Express Edition with SP1.lnk -> [2008-12-25 13:09:57 | 00,000,967 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008-12-25 12:56:07 | 01,051,728 | ---- | M] () perfh01D.dat -> %SystemRoot%\System32\perfh01D.dat -> [2008-12-25 12:56:07 | 00,444,322 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008-12-25 12:56:07 | 00,442,466 | ---- | M] () perfc01D.dat -> %SystemRoot%\System32\perfc01D.dat -> [2008-12-25 12:56:07 | 00,083,620 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008-12-25 12:56:07 | 00,071,732 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008-12-24 21:50:33 | 00,001,158 | ---- | M] () Touhou English.lnk -> %UserProfile%\Skrivbord\Touhou English.lnk -> [2008-12-22 21:42:54 | 00,000,759 | ---- | M] () that1jpg.jpg -> %UserProfile%\Skrivbord\that1jpg.jpg -> [2008-12-22 01:19:32 | 00,508,349 | ---- | M] () that.jpg -> %UserProfile%\Skrivbord\that.jpg -> [2008-12-22 01:06:30 | 00,141,771 | ---- | M] () Överklaga1.doc -> %UserProfile%\Mina dokument\Överklaga1.doc -> [2008-12-16 15:44:27 | 00,020,992 | ---- | M] () mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008-12-12 18:36:54 | 03,081,216 | ---- | M] (Microsoft Corporation) mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008-12-12 18:36:54 | 03,081,216 | ---- | M] (Microsoft Corporation) MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008-12-09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) jre-6u11-windows-i586-p-iftw_196cf524.exe -> %UserProfile%\Lokala inställningar\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe -> [2008-11-26 04:49:07 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.) files.dat -> %UserProfile%\Lokala inställningar\Temp\7zS199.tmp\files.dat -> [2008-11-25 21:26:55 | 83,866,765 | ---- | M] () avgsetup.exe -> %UserProfile%\Lokala inställningar\Temp\7zS199.tmp\avgsetup.exe -> [2008-11-25 21:26:15 | 02,546,968 | ---- | M] (AVG Technologies CZ, s.r.o.) setup.dat -> %UserProfile%\Lokala inställningar\Temp\7zS199.tmp\setup.dat -> [2008-11-25 21:26:13 | 00,924,621 | ---- | M] () trialkey.dat -> %UserProfile%\Lokala inställningar\Temp\7zS199.tmp\trialkey.dat -> [2008-11-25 21:26:13 | 00,000,070 | ---- | M] () index.dat -> %UserProfile%\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008-03-27 00:03:07 | 01,523,712 | ---- | M] () index.dat -> %UserProfile%\Lokala inställningar\Temp\Tidigare\History.IE5\index.dat -> [2008-03-27 00:03:07 | 00,147,456 | ---- | M] () index.dat -> %UserProfile%\Lokala inställningar\Temp\Cookies\index.dat -> [2008-03-27 00:03:07 | 00,049,152 | ---- | M] () data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2007-12-09 14:37:04 | 00,003,804 | ---- | M] () sporder.dll -> %UserProfile%\Lokala inställningar\Temp\7zS199.tmp\sporder.dll -> [2007-08-07 20:01:31 | 00,008,464 | ---- | M] (Microsoft Corporation) _is11B6.exe -> %UserProfile%\Lokala inställningar\Temp\_is11B6.exe -> [2007-02-27 16:08:44 | 00,456,416 | R--- | M] (Macrovision Corporation) index.dat -> %SystemRoot%\Temp\Tidigare\History.IE5\index.dat -> [2005-03-15 19:56:34 | 00,016,384 | ---- | M] () index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2005-03-15 19:56:34 | 00,016,384 | ---- | M] () index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2005-03-15 19:56:34 | 00,016,384 | ---- | M] () SNDSrvc.exe -> %UserProfile%\Lokala inställningar\Temp\SymNet\SYMSHARE\SNDSrvc.exe -> [2004-08-27 22:02:54 | 00,206,048 | R--- | M] (Symantec Corporation) SNDInst.exe -> %UserProfile%\Lokala inställningar\Temp\SymNet\SYMSHARE\SNDInst.exe -> [2004-08-27 22:02:50 | 00,029,920 | R--- | M] (Symantec Corporation) SNDunin.dll -> %UserProfile%\Lokala inställningar\Temp\SymNet\SYMSHARE\SNDunin.dll -> [2004-08-27 22:02:36 | 00,083,096 | R--- | M] (Symantec Corporation) SymNeti.dll -> %UserProfile%\Lokala inställningar\Temp\SymNet\System32\SymNeti.dll -> [2004-08-27 22:02:32 | 00,513,248 | R--- | M] (Symantec Corporation) SymRedir.dll -> %UserProfile%\Lokala inställningar\Temp\SymNet\System32\SymRedir.dll -> [2004-08-27 22:02:30 | 00,140,512 | R--- | M] (Symantec Corporation) Validate.dat -> %UserProfile%\Lokala inställningar\Temp\SymNet\SYMSHARE\Validate.dat -> [2004-08-27 21:51:26 | 00,000,324 | R--- | M] () IdsInst.exe -> %UserProfile%\Lokala inställningar\Temp\SymNet\SYMSHARE\IDS\IdsInst.exe -> [2004-08-24 12:54:18 | 01,225,944 | R--- | M] (Symantec Corporation) VP6VFW.dll -> %UserProfile%\Lokala inställningar\Temp\VP6VFW.dll -> [2004-08-18 09:34:07 | 00,442,368 | R--- | M] (On2.com) VP6Install.exe -> %UserProfile%\Lokala inställningar\Temp\VP6Install.exe -> [2004-08-18 09:34:07 | 00,023,040 | R--- | M] () First15.exe -> %UserProfile%\Lokala inställningar\Temp\First15.exe -> [2004-08-18 09:33:53 | 01,453,843 | R--- | M] (Macromedia, Inc.) [Alternate Data Streams] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable @Alternate Data Stream - 0 bytes -> %UserProfile%\Skrivbord\Thumbs.db:encryptable [File - Lop Check] Application Data -> C:\Documents and Settings\Administratör\Application Data -> [2005-04-19 19:46:59 | 00,000,000 | ---D | M] Intervideo -> C:\Documents and Settings\Administratör\Application Data\Intervideo -> [2005-01-01 22:33:24 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009-01-03 11:52:23 | 00,000,000 | RH-D | M] ALM -> C:\Documents and Settings\All Users\Application Data\ALM -> [2008-04-12 23:35:01 | 00,000,000 | ---D | M] ESET -> C:\Documents and Settings\All Users\Application Data\ESET -> [2008-11-23 12:21:31 | 00,000,000 | ---D | M] FirstClass -> C:\Documents and Settings\All Users\Application Data\FirstClass -> [2005-04-27 17:52:12 | 00,000,000 | ---D | M] FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2008-04-07 19:04:36 | 00,000,000 | ---D | M] Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2007-12-23 23:44:02 | 00,000,000 | ---D | M] InterVideo -> C:\Documents and Settings\All Users\Application Data\InterVideo -> [2005-07-20 09:43:05 | 00,000,000 | ---D | M] jword -> C:\Documents and Settings\All Users\Application Data\jword -> [2008-03-01 11:51:24 | 00,000,000 | ---D | M] Motive -> C:\Documents and Settings\All Users\Application Data\Motive -> [2005-01-01 22:51:05 | 00,000,000 | ---D | M] Musicnotes -> C:\Documents and Settings\All Users\Application Data\Musicnotes -> [2008-04-11 22:08:21 | 00,000,000 | ---D | M] PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [2005-07-09 20:52:02 | 00,000,000 | ---D | M] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2005-01-01 20:53:22 | 00,000,000 | ---D | M] Sibelius Software -> C:\Documents and Settings\All Users\Application Data\Sibelius Software -> [2008-08-22 21:28:41 | 00,000,000 | ---D | M] SSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir -> [2005-05-07 13:52:34 | 00,000,000 | ---D | M] SSScanWizard -> C:\Documents and Settings\All Users\Application Data\SSScanWizard -> [2005-05-07 13:52:34 | 00,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008-04-08 17:03:59 | 00,000,000 | ---D | M] Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [2005-09-10 15:22:28 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Default User\Application Data -> [2005-05-29 17:29:57 | 00,000,000 | RH-D | M] Intervideo -> C:\Documents and Settings\Default User\Application Data\Intervideo -> [2005-01-01 22:33:24 | 00,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Default User\Application Data\SampleView -> [2005-01-02 14:58:36 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2008-05-30 10:43:44 | 00,000,000 | ---D | M] WTablet -> C:\Documents and Settings\LocalService\Application Data\WTablet -> [2008-05-30 10:43:44 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2005-04-25 18:58:17 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\User\Application Data -> [2008-12-29 21:04:56 | 00,000,000 | RH-D | M] Grisoft -> C:\Documents and Settings\User\Application Data\Grisoft -> [2008-12-29 12:51:15 | 00,000,000 | ---D | M] Intervideo -> C:\Documents and Settings\User\Application Data\Intervideo -> [2005-01-01 22:33:24 | 00,000,000 | ---D | M] Magic Set Editor -> C:\Documents and Settings\User\Application Data\Magic Set Editor -> [2008-12-29 14:58:40 | 00,000,000 | ---D | M] SampleView -> C:\Documents and Settings\User\Application Data\SampleView -> [2005-01-02 14:58:36 | 00,000,000 | ---D | M] WTablet -> C:\Documents and Settings\User\Application Data\WTablet -> [2008-12-29 12:50:55 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Ägaren\Application Data -> [2005-06-27 21:15:37 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008-11-23 11:10:45 | 00,000,000 | --SD | M] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004-08-04 11:00:00 | 00,000,065 | RH-- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009-01-04 12:18:29 | 00,000,006 | -H-- | M] () [File - Purity Scan] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 Det går inte att hitta filen. scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40] "ujdew"=hex:20,02,00,00,c1,6d,b6,88,68,77,85,21,11,a8,85,10,83,28,e9,5f,29,.. "ljej40"=hex:67,aa,9c,8e,ae,f4,93,64,a4,74,fe,2b,bd,e4,0e,76,63,b8,10,86,18,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\qg\x00b9e\xa8\x2dc^y2\x201c_] "SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,b0,d8,19,00,00,00,00,1e,55,b7,ef,6e,.. "Changed"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120%" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qg\x00b9e\xa8\x2dc^y2\x201c_] "Inno Setup: Setup Version"="5.1.13" "Inno Setup: App Path"="C:\Games\Touhou - Mountain of Faith" "InstallLocation"="C:\Games\Touhou - Mountain of Faith\" "Inno Setup: Icon Group"="\x4e0a\x6d77\x30a2\x30ea\x30b9\x5e7b\x6a02\x56e3\\x6771\x65b9\x98a8\x795e\x9332" "Inno Setup: User"="HP_Agaren" "Inno Setup: Selected Tasks"="" "Inno Setup: Deselected Tasks"="desktopicon,startmenuicon" "DisplayName"="\x6771\x65b9\x98a8\x795e\x9332 ver 1.00a" "DisplayIcon"="C:\Games\Touhou - Mountain of Faith\th10.exe" "UninstallString"=""C:\Games\Touhou - Mountain of Faith\unins000.exe"" "QuietUninstallString"=""C:\Games\Touhou - Mountain of Faith\unins000.exe" /SILENT" "NoModify"=dword:00000001 "NoRepair"=dword:00000001 "InstallDate"="20080527" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 Det går inte att hitta filen. C:\Documents and Settings\All Users\Application Data\TEMP:98781370 108 bytes scan completed successfully hidden files: 20 < End of report > [/code]