IE being redirected and opens new windows [Solved]


#1 Line (Member, 17 posts)

Hi!

For some days this PC has been running a bit slow on the internet. I'm having trouble opening some sites, i.e. YouTube, and also I'm being redirected to other sites. Sameshitasiteverwas.com is one. I've tried to run anti-malware programs, and they've found some, removed some, but still the problem persists. My last run of Malwarebytes' Anti-Malware didn't find anything, but after a restart it's all the same.

I've read the Malware Removal Guide, downloaded some programs I know nothing about, and feel ready to FIX this! :) I hope someone has the time and patience to help me! :)

OTListIt.Txt
OTListIt logfile created on: 10.04.2009 16:24:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

1022,48 Mb Total Physical Memory | 423,23 Mb Available Physical Memory | 41,39% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): D:\pagefile.sys 1533 3069;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 11,81 Gb Free Space | 40,32% Space Free | Partition Type: NTFS
Drive D: | 268,79 Gb Total Space | 161,13 Gb Free Space | 59,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNLINE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Jensen\Common\JensenUI.exe (Jensen Scandinavia AS.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\John\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatisk LiveUpdate-planlegging [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2 [Auto | Running]) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)
SRV - (sp_rssrv [Auto | Running]) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ASAPIW2K [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys (VOB Computersysteme GmbH)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090409.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090409.004\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMNUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sccmusbm.sys (OMNIKEY AG)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\system32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT80x86 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RT2860.sys (Ralink Technology, Corp.)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (s3017bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017bus.sys (MCCI Corporation)
DRV - (s3017mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017nd5.sys (MCCI Corporation)
DRV - (s3017obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017obex.sys (MCCI Corporation)
DRV - (s3017unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017unic.sys (MCCI Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (s616mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mgmt.sys (MCCI Corporation)
DRV - (s616nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616nd5.sys (MCCI Corporation)
DRV - (s616obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616obex.sys (MCCI Corporation)
DRV - (s616unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616unic.sys (MCCI Corporation)
DRV - (se59bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59bus.sys (MCCI)
DRV - (se59mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59mdfl.sys (MCCI)
DRV - (se59mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59mdm.sys (MCCI)
DRV - (se59mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59mgmt.sys (MCCI)
DRV - (se59nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59nd5.sys (MCCI)
DRV - (se59obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59obex.sys (MCCI)
DRV - (se59unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59unic.sys (MCCI)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090404.001\SymIDSco.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w800bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800bus.sys (MCCI)
DRV - (w800mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mdfl.sys (MCCI)
DRV - (w800mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mdm.sys (MCCI)
DRV - (w800mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mgmt.sys (MCCI)
DRV - (w800obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800obex.sys (MCCI)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60341

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009.04.04 11:22:26 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Koblingshjelpeprogram for Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton-verktøylinjen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup (Corel, Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "D:\programfiles\quick time\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jensen AirLink Utility.lnk = C:\Program Files\Jensen\Common\JensenUI.exe (Jensen Scandinavia AS.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Programfiles\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Opprett mobil favoritt - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193017252146 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.eurofoto....geUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.eurofoto....geUploader4.cab (Image Uploader Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\fde32.dll) - C:\WINDOWS\System32\fde32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\7c285535565: DllName - C:\WINDOWS\System32\fde32.dll - C:\WINDOWS\System32\fde32.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[33 C:\WINDOWS\*.tmp files]
[2009.04.10 16:11:16 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTListIt2.exe
[2009.04.10 15:57:25 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Rooter.exe
[2009.04.10 15:56:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009.04.10 15:30:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.04.10 15:28:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2009.04.10 15:28:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009.04.10 15:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009.04.10 14:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\SysRestorePoint_v13
[2009.04.10 14:53:56 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SysRestorePoint_v13.zip
[2009.04.10 14:36:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2009.04.10 14:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.04.10 14:36:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\John\Desktop\HJTInstall.exe
[2009.04.10 14:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\HouseCall 6.6
[2009.04.10 01:36:34 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009.04.10 01:36:24 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009.04.10 01:36:24 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009.04.10 01:36:16 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009.04.10 01:36:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009.04.10 01:36:06 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009.04.10 01:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\PC Tools
[2009.04.10 01:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009.04.10 01:34:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009.04.10 01:34:53 | 00,000,954 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.04.09 17:50:54 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009.04.09 16:11:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Uniblue
[2009.04.09 14:17:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2009.04.09 14:17:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.04.09 14:17:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.04.09 14:17:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.04.09 14:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.04.09 14:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.04.09 14:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Downloaded Installations
[2009.04.06 18:06:35 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009.04.06 18:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009.04.06 18:05:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009.04.06 18:05:12 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009.04.05 19:22:55 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2009.04.05 19:21:19 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.04.05 19:21:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Spyware Terminator
[2009.04.05 19:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009.04.05 19:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009.04.05 14:32:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Corel
[2009.04.05 11:16:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.04.05 11:15:28 | 23,608,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\John\Desktop\sdsetup.exe
[2009.03.31 20:43:53 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009.03.31 20:43:53 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\AD4CF59E02.sys
[2009.03.30 14:23:59 | 00,001,403 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009.03.30 14:23:56 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\fde32.dll
[2009.03.30 14:23:56 | 00,005,737 | -HS- | C] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565C.manifest
[2009.03.30 14:23:56 | 00,001,812 | -HS- | C] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565P.manifest
[2009.03.30 14:23:56 | 00,000,344 | -HS- | C] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565O.manifest
[2009.03.30 14:23:56 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565S.manifest
[2009.03.29 23:12:51 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Rapport.doc
[2009.03.29 00:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\My PSP Files
[2009.03.29 00:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Corel
[2009.03.28 23:58:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009.03.28 23:58:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009.03.28 23:58:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009.03.28 23:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2008.11.19 23:16:29 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008.11.19 23:07:20 | 00,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008.11.19 23:07:15 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.11.19 23:07:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.11.19 23:07:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.11.19 23:07:14 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.11.19 23:07:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008.04.09 21:18:27 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008.04.05 20:34:48 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008.04.05 20:34:48 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2007.11.13 15:28:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.08 15:04:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.11.08 15:04:07 | 00,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007.11.01 21:16:34 | 00,000,049 | ---- | C] () -- C:\WINDOWS\clue.ini
[2007.10.27 23:11:47 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007.10.27 18:04:57 | 00,000,067 | ---- | C] () -- C:\WINDOWS\blaafjell.ini
[2007.10.23 16:39:31 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2007.10.23 13:28:14 | 00,000,169 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.10.22 23:50:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.22 02:18:47 | 00,001,068 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007.07.25 10:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.07.20 20:58:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.07.20 20:58:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.07.20 20:58:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.07.20 20:58:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.07.20 20:58:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.02.26 11:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005.08.05 15:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.12.20 19:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004.08.22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.08.10 21:00:00 | 00,000,601 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.10 21:00:00 | 00,000,257 | ---- | C] () -- C:\WINDOWS\system.ini
[2001.03.30 22:58:36 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
[1999.10.19 14:17:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[33 C:\WINDOWS\*.tmp files]
[2009.04.10 16:22:54 | 00,001,812 | -HS- | M] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565P.manifest
[2009.04.10 16:11:23 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTListIt2.exe
[2009.04.10 16:04:10 | 00,005,737 | -HS- | M] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565C.manifest
[2009.04.10 16:03:41 | 00,000,954 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.04.10 16:03:20 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.04.10 16:03:08 | 00,000,344 | -HS- | M] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565O.manifest
[2009.04.10 16:03:08 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\John\Application Data\02000000f1a73d14565S.manifest
[2009.04.10 16:03:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.04.10 16:02:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.04.10 15:57:28 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Rooter.exe
[2009.04.10 15:45:52 | 00,469,108 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.04.10 15:45:52 | 00,401,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.04.10 15:45:52 | 00,062,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.04.10 15:41:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.04.10 15:28:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2009.04.10 15:28:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009.04.10 14:54:09 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SysRestorePoint_v13.zip
[2009.04.10 14:52:24 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009.04.10 14:52:24 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.10 14:36:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2009.04.10 14:36:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\John\Desktop\HJTInstall.exe
[2009.04.10 00:13:17 | 00,001,403 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009.04.09 22:49:49 | 00,000,558 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Mine delte mapper.lnk
[2009.04.09 15:06:46 | 00,000,049 | ---- | M] () -- C:\WINDOWS\clue.ini
[2009.04.09 14:17:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.04.07 23:28:49 | 00,000,601 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.04.07 23:28:49 | 00,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.04.07 19:08:30 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009.04.07 17:01:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.04.06 18:05:12 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009.04.06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.04.06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.04.05 19:22:55 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2009.04.05 19:21:19 | 00,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.04.05 15:04:17 | 00,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009.04.05 11:15:36 | 23,608,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\John\Desktop\sdsetup.exe
[2009.04.05 00:11:49 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jensen AirLink Utility.lnk
[2009.04.04 23:58:06 | 03,183,544 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2009.03.31 20:43:53 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\AD4CF59E02.sys
[2009.03.30 14:23:56 | 00,139,264 | ---- | M] () -- C:\WINDOWS\System32\fde32.dll
[2009.03.30 12:50:41 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.29 23:44:06 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Rapport.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras.Txt
OTListIt Extras logfile created on: 10.04.2009 16:24:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

1022,48 Mb Total Physical Memory | 423,23 Mb Available Physical Memory | 41,39% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): D:\pagefile.sys 1533 3069;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 11,81 Gb Free Space | 40,32% Space Free | Partition Type: NTFS
Drive D: | 268,79 Gb Total Space | 161,13 Gb Free Space | 59,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNLINE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 (SmartSoft Ltd.)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
D:\Programfiles\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager (Pinnacle Systems, Inc.)
C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio (Pinnacle Systems)
C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile ( )
C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi (Pinnacle Systems, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000414-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{075443E5-5426-4B1E-B8E7-CC23A0BB87E6}" = Localization Pack for Microsoft Windows XP Media Center Edition
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3EAC35F4-FF26-4123-9404-0B5B93DAB570}" = Microsoft .NET Framework 1.1 Norwegian Language Pack
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{4218D9DC-282B-4596-BEA5-F20560C14400}" = Windows Live installer
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5D3543CC-82B3-447E-B7D5-430C41946A54}" = Hoyle Puzzle Games 2003
"{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}" = OpenMG Secure Module 3.3.01
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6EA3D26C-65E0-4038-8429-67277457BCE8}" = Symantec Real Time Storage Protection Component
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Jensen Air:Link 83300
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{AC76BA86-7AD7-1044-7B44-A81200000003}" = Adobe Reader 8.1.2 - Norsk
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}" = Windows Live Messenger
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FE6397C1-CECA-4EC3-B064-42AED7676898}" = Sony Ericsson PC Suite
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BitTornado" = BitTornado 0.3.18
"Blåfjell" = Blåfjell
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CANONBJ_Deinstall_CNMCP5m.DLL" = Canon i865
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FLAC" = FLAC Installer 1.1.2a (remove only)
"foobar2000" = foobar2000 v0.9.5.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5D3543CC-82B3-447E-B7D5-430C41946A54}" = Hoyle Puzzle Games 2003
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 4.18.8
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix3.3-03-08-26-01" = OpenMG Limited Patch 3.3-03-09-03-01
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"rayman2" = rayman2
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Spyware Doctor" = Spyware Doctor 6.0
"Spyware Terminator_is1" = Spyware Terminator
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 Online (Symantec Corporation)
"Toy Story 2" = Toy Story 2
"TradersLittleHelper_is1" = Trader's Little Helper 1.1.1
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Arkiverer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01.04.2009 13:19:21 | Computer Name = JOHNLINE | Source = Application Hang | ID = 1002
Description = Hengende program LimeWire.exe, versjon 1.0.0.2, hengende modul hungapp,
versjon 0.0.0.0, hengeadresse 0x00000000.

Error - 03.04.2009 17:08:40 | Computer Name = JOHNLINE | Source = Application Error | ID = 1000
Description = Feilende program rundll32.exe, versjon 5.1.2600.5512, feilende modul
hotplug.dll, versjon 5.1.2600.5512, feiladresse 0x000054b2.

Error - 04.04.2009 18:41:36 | Computer Name = JOHNLINE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04.04.2009 18:42:56 | Computer Name = JOHNLINE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04.04.2009 18:44:11 | Computer Name = JOHNLINE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04.04.2009 18:48:27 | Computer Name = JOHNLINE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04.04.2009 19:00:50 | Computer Name = JOHNLINE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 05.04.2009 04:59:34 | Computer Name = JOHNLINE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 09.04.2009 10:08:50 | Computer Name = JOHNLINE | Source = Application Hang | ID = 1002
Description = Hengende program mbam.exe, versjon 1.36.0.0, hengende modul hungapp,
versjon 0.0.0.0, hengeadresse 0x00000000.

Error - 09.04.2009 10:08:57 | Computer Name = JOHNLINE | Source = Application Hang | ID = 1001
Description = Feil i minneområdet 1217678172.

[ System Events ]
Error - 09.04.2009 08:25:54 | Computer Name = JOHNLINE | Source = sr | ID = 1
Description = Systemgjenopprettingsfilteret fikk den uventede feilen 0xC0000001
under behandling av filen på volum HarddiskVolume1. Det har sluttet å overvåke
volumet.

Error - 09.04.2009 08:34:59 | Computer Name = JOHNLINE | Source = sr | ID = 1
Description = Systemgjenopprettingsfilteret fikk den uventede feilen 0xC0000001
under behandling av filen på volum HarddiskVolume1. Det har sluttet å overvåke
volumet.

Error - 09.04.2009 08:35:09 | Computer Name = JOHNLINE | Source = Service Control Manager | ID = 7034
Description = Tjenesten NVIDIA Display Driver Service stoppet uventet. Dette har
skjedd 1 gang(er).

Error - 09.04.2009 11:51:37 | Computer Name = JOHNLINE | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten EventSystem
med argument "" for å kunne kjøre server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 09.04.2009 11:52:33 | Computer Name = JOHNLINE | Source = Service Control Manager | ID = 7026
Description = Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
AmdK8 eeCtrl Fips PCLEPCI SPBBCDrv SRTSPX SYMTDI

Error - 09.04.2009 11:58:12 | Computer Name = JOHNLINE | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten EventSystem
med argument "" for å kunne kjøre server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 09.04.2009 11:59:28 | Computer Name = JOHNLINE | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten EventSystem
med argument "" for å kunne kjøre server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 09.04.2009 12:00:43 | Computer Name = JOHNLINE | Source = Service Control Manager | ID = 7026
Description = Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
AmdK8 eeCtrl Fips ohci1394 PCLEPCI SPBBCDrv SRTSPX SYMTDI

Error - 09.04.2009 12:02:55 | Computer Name = JOHNLINE | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten EventSystem
med argument "" for å kunne kjøre server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10.04.2009 07:15:19 | Computer Name = JOHNLINE | Source = sr | ID = 1
Description = Systemgjenopprettingsfilteret fikk den uventede feilen 0xC0000001
under behandling av filen på volum HarddiskVolume1. Det har sluttet å overvåke
volumet.


< End of report >

Rooter
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:29996 Mo/Free:3902 Mo)
D:\ [Fixed] - NTFS - (Total:275238 Mo/Free:1155 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:0 Mo/Free:0 Mo)
L:\ [Removable] (Total:0 Mo/Free:0 Mo)

10.04.2009|16:29

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
---------- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Jensen\Common\JensenUI.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
---------- C:\Program Files\Spyware Terminator\sp_rsser.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\dllhost.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\ntvdm.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 10.04.2009|15:59
2 - "C:\Rooter$\Rooter_2.txt" - 10.04.2009|16:31

----------------------\\ Scan completed at 16:31
  • 0

#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello Line !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer of malware, let's go over some points that will help both of us and prevent damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the order posted. If you can't perform a certain step, or you're unsure what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post into a new text document or print it for reference later.
This is required when you won't have access to the Internet.

Step 1.
ComboFix:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.
  • Information on how your computer is running now.

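Step 3 asks for the ComboFix log to be reviewed by eye. As an added example (not code from this thread and not ComboFix's own code), the Python script below scans the registry-loading-points section of a ComboFix-style log for the entries a removal helper looks at first: a populated AppInit_DLLs value, a DLL registered under a Winlogon\Notify subkey, Security Center monitoring overrides and a disabled Windows Firewall profile, and then reports any DLL that is registered under more than one load mechanism. The sample text is constructed in ComboFix's layout; the registry key and value names are the real Windows locations, while the rule names, `Finding` type and function names are assumptions made for this example.

```python
"""Triage a ComboFix-style registry section for persistence and security-downgrade
indicators. Added example; not part of this thread and not ComboFix's own code."""
import re
from typing import Dict, List, NamedTuple, Optional, Set

# Constructed sample in ComboFix's "Reg Loading Points" layout (not a real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7c285535565]
2009-03-30 14:23 139264 c:\windows\system32\fde32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\fde32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


class Finding(NamedTuple):
    category: str   # hypothetical rule name, chosen for this example
    key: str        # registry key the line was found under
    detail: str     # DLL path or value name


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
OVERRIDE_VALUES = {"disablemonitoring", "antivirusoverride", "firewalloverride"}


def _dword(value: str) -> Optional[int]:
    """Parse a REGEDIT4 'dword:xxxxxxxx' value; None for anything else."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", value)
    return int(m.group(1), 16) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the [key] / "name"=value lines and collect the indicators."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        key_lc = current_key.lower()
        vm = VALUE_RE.match(line)
        if vm:
            name, value = vm.group("name"), vm.group("value")
            name_lc = name.lower()
            # AppInit_DLLs: a DLL listed here is mapped into every process that loads user32.dll.
            if name_lc == "appinit_dlls" and value.strip('"'):
                findings.append(Finding("appinit_dll", current_key, value.strip('"')))
            # Security Center: monitoring switched off or AV/firewall status overridden.
            elif "security center" in key_lc and name_lc in OVERRIDE_VALUES and _dword(value) == 1:
                findings.append(Finding("security_center_override", current_key, name))
            # Windows Firewall policy for the profile explicitly disabled.
            elif "firewallpolicy" in key_lc and name_lc == "enablefirewall" and value.startswith("0"):
                findings.append(Finding("firewall_disabled", current_key, value))
            continue
        # Under a Winlogon\Notify subkey ComboFix prints "<date> <time> <size> <dll>";
        # such a DLL is loaded by winlogon.exe at every logon.
        if "\\winlogon\\notify\\" in key_lc:
            parts = line.split(maxsplit=3)
            findings.append(Finding("winlogon_notify_dll", current_key,
                                    parts[3] if len(parts) == 4 else line))
    return findings


def dlls_with_multiple_persistence(findings: List[Finding]) -> List[str]:
    """DLL basenames registered under more than one load mechanism."""
    seen: Dict[str, Set[str]] = {}
    for f in findings:
        if f.category in ("appinit_dll", "winlogon_notify_dll"):
            base = f.detail.rsplit("\\", 1)[-1].lower()
            seen.setdefault(base, set()).add(f.category)
    return sorted(b for b, cats in seen.items() if len(cats) > 1)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:25} {f.detail}   [{f.key}]")
    print("same DLL via several mechanisms:", dlls_with_multiple_persistence(results))
```

Run it on a saved C:\ComboFix.txt with `triage(open(path, encoding="cp1252").read())`; the script only reads text, so it is safe to use on a log copied from the infected machine. The rules are deliberately narrow: they flag configuration that malware commonly sets, not the DLL's identity, so a hit is a reason to look closer, not a verdict.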

#3
Line
    Member
  • Topic Starter
  • Member
  • 17 posts
First of all: Thank you for answering and trying to help! :)

Ran into a problem straight ahead, of course. :) Disabling Norton 360 wasn't as straightforward as I would think.... I've unchecked every box I can find, still it says the autoprotect is on. :) I've tried browsing the Symantec site without finding any solution. Any suggestions? Could I just ctrl+alt+del and shut it down completely..? Though it's not in the program list, and I really don't know what is what in the running process list. :)

#4
Line
    Member
  • Topic Starter
  • Member
  • 17 posts
Never mind - I found it! :)

#5
Line
    Member
  • Topic Starter
  • Member
  • 17 posts
The combofix.txt
ComboFix 09-04-13.A2 - John 2009-04-13 23:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.514 [GMT 2:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Norton 360 Online *On-access scanning disabled* (Outdated)
FW: Norton 360 Online *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\02000000f1a73d14565C.manifest
c:\documents and settings\Administrator\Application Data\02000000f1a73d14565O.manifest
c:\documents and settings\Administrator\Application Data\02000000f1a73d14565P.manifest
c:\documents and settings\Administrator\Application Data\02000000f1a73d14565S.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565C.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565O.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565P.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565S.manifest
c:\windows\system32\GroupPolicy000.dat

.
((((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))))
.

2009-04-13 17:15 . 2009-04-13 17:16 -------- d-sh--w c:\windows\system32\NetworkService32
2009-04-10 13:56 . 2009-04-10 14:31 -------- d-----w C:\Rooter$
2009-04-10 12:24 . 2009-04-10 12:57 -------- d-----w c:\documents and settings\John\Application Data\HouseCall 6.6
2009-04-09 23:36 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-09 23:36 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-09 23:36 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-09 23:36 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\documents and settings\John\Application Data\PC Tools
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-09 23:34 . 2009-04-13 14:25 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-09 15:53 . 2009-04-09 15:53 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-09 14:11 . 2009-04-09 14:11 -------- d-----w c:\documents and settings\John\Application Data\Uniblue
2009-04-09 12:53 . 2009-04-09 13:08 -------- d-----w c:\documents and settings\John\.housecall6.6
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\documents and settings\John\Application Data\Malwarebytes
2009-04-09 12:17 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-09 12:17 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 12:04 . 2009-04-09 12:04 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\Downloaded Installations
2009-04-06 16:05 . 2009-04-06 16:06 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 17:21 . 2009-04-05 17:21 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-05 17:21 . 2009-04-09 11:42 -------- d-----w c:\documents and settings\John\Application Data\Spyware Terminator
2009-04-05 17:21 . 2009-04-09 11:46 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-04-05 12:32 . 2009-04-05 12:59 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\Corel
2009-04-05 09:16 . 2009-04-10 00:38 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 09:22 . 2009-03-09 03:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-31 18:43 . 2009-04-05 13:04 2516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-31 18:43 . 2009-03-31 18:43 8 --sh--r c:\documents and settings\All Users\Application Data\AD4CF59E02.sys
2009-03-30 12:23 . 2009-03-30 12:23 139264 ----a-w c:\windows\system32\fde32.dll
2009-03-28 22:00 . 2009-03-31 18:44 -------- d-----w c:\documents and settings\John\Application Data\Corel
2009-03-28 21:58 . 2009-03-28 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 21:21 . 2007-10-22 02:15 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-13 20:35 . 2007-10-22 15:09 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-10 14:31 . 2009-04-10 13:59 3192 ----a-w C:\Rooter.txt
2009-04-10 13:29 . 2009-04-10 13:28 -------- d-----w c:\program files\ERUNT
2009-04-10 12:36 . 2009-04-10 12:36 -------- d-----w c:\program files\Trend Micro
2009-04-10 00:32 . 2009-04-09 23:36 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-09 23:34 . 2007-10-26 08:35 -------- d-----w c:\program files\Google
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 11:59 . 2007-10-22 00:19 -------- d-----w c:\program files\Java
2009-04-09 11:46 . 2009-04-05 17:21 -------- d-----w c:\program files\Spyware Terminator
2009-04-08 10:18 . 2007-11-27 00:09 -------- d-----w c:\documents and settings\John\Application Data\LimeWire
2009-04-08 07:25 . 2007-12-25 00:18 -------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX
2009-04-08 07:18 . 2007-12-25 00:08 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-06 16:06 . 2009-01-13 20:01 -------- d-----w c:\program files\iTunes
2009-04-06 16:05 . 2009-04-06 16:05 -------- d-----w c:\program files\iPod
2009-04-06 16:05 . 2007-11-28 15:25 -------- d-----w c:\program files\Common Files\Apple
2009-04-05 21:59 . 2007-10-22 21:30 -------- d-----w c:\documents and settings\John\Application Data\foobar2000
2009-04-05 09:00 . 2008-03-01 19:11 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-05 09:00 . 2008-03-01 19:11 -------- d-----w c:\program files\Lavasoft
2009-03-28 21:59 . 2009-03-28 21:58 -------- d-----w c:\program files\Common Files\Corel
2009-03-28 21:58 . 2009-03-28 21:58 -------- d-----w c:\program files\Common Files\Protexis
2009-03-28 21:58 . 2009-03-28 21:51 -------- d-----w c:\program files\Corel
2009-03-03 19:08 . 2008-07-02 22:39 268 ---ha-w C:\sqmdata13.sqm
2009-03-03 19:08 . 2008-07-02 22:39 244 ---ha-w C:\sqmnoopt13.sqm
2009-03-03 07:47 . 2008-07-01 21:46 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-03 07:47 . 2008-07-01 21:46 232 ---ha-w C:\sqmdata12.sqm
2009-02-16 23:25 . 2008-07-01 07:40 268 ---ha-w C:\sqmdata11.sqm
2009-02-16 23:25 . 2008-07-01 07:40 244 ---ha-w C:\sqmnoopt11.sqm
2009-02-09 11:13 . 2005-10-06 00:06 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 22:52 . 2008-06-30 22:09 232 ---ha-w C:\sqmdata10.sqm
2009-02-01 22:52 . 2008-06-30 22:09 244 ---ha-w C:\sqmnoopt10.sqm
2009-01-31 20:53 . 2008-05-15 22:34 244 ---ha-w C:\sqmnoopt09.sqm
2009-01-31 20:53 . 2008-05-15 22:34 232 ---ha-w C:\sqmdata09.sqm
2009-01-17 14:32 . 2008-04-02 14:53 244 ---ha-w C:\sqmnoopt08.sqm
2009-01-17 14:32 . 2008-04-02 14:53 232 ---ha-w C:\sqmdata08.sqm
2009-01-17 00:04 . 2008-04-02 00:31 244 ---ha-w C:\sqmnoopt07.sqm
2009-01-17 00:04 . 2008-04-02 00:31 232 ---ha-w C:\sqmdata07.sqm
2009-01-10 23:49 . 2007-10-22 00:35 225592 ----a-w c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 11:30 . 2007-10-22 11:28 49181904 ----a-w c:\program files\nis2007.exe
2007-10-22 01:50 . 2007-10-22 01:50 127 ------w c:\documents and settings\John\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"QuickTime Task"="d:\programfiles\quick time\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\John\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-28 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-28 113664]
Jensen AirLink Utility.lnk - c:\program files\Jensen\Common\JensenUI.exe [2008-11-11 679936]
Microsoft Office.lnk - d:\programfiles\Office\OSA9.EXE [1999-10-19 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7c285535565]
2009-03-30 14:23 139264 c:\windows\system32\fde32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\fde32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Programfiles\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 cdiskdun;cdiskdun; [x]
R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]
R3 RT80x86;Jensen Air:Link 83300 Driver;c:\windows\system32\DRIVERS\RT2860.sys [2007-07-29 537216]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-11-07 32000]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 01:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vg.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 23:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1482476501-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,31,20,c5,11,59,
ab,34,00,e2,63,26,f1,3f,c8,ff,68,69,ff,4d,72,8e,38,f3,21,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,d7,c2,1b,8c,e1,
dd,c5,f2,6a,9c,d6,61,af,45,84,18,e5,69,62,e2,d0,93,96,4d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,4a,c1,c4,08,2e,
66,b0,8c,ff,7c,85,e0,43,d4,0e,fe,b0,2c,9b,17,4e,5e,ac,36,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,59,06,5f,dd,b2,
16,41,fa,86,8c,21,01,be,91,eb,e7,19,c3,b1,0b,79,7d,7a,7d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,05,99,1e,3c,43,
f3,0d,b2,f5,1d,4d,73,a8,13,5c,05,fe,b8,d0,bd,3e,f1,49,9e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3e,82,10,c5,a4,
a4,1b,3b,df,20,58,62,78,6b,cf,c8,eb,82,62,4a,5e,c1,bf,12,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a5,5e,28,9a,f5,
7b,34,9f,fb,a7,78,e6,12,2f,9a,ea,e5,3f,91,61,9c,58,34,6c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,73,5a,ef,32,80,
68,e9,03,01,3a,48,fc,e8,04,4a,f1,58,52,5f,53,ef,fb,e3,c4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,11,d5,b1,60,7a,
7e,a1,fd,f6,0f,4e,58,98,5b,89,c9,95,96,47,ae,9e,b4,d1,43,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,f3,0b,26,20,40,
60,1a,79,3d,ce,ea,26,2d,45,aa,78,35,f1,a8,79,45,a5,ed,30,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,89,57,53,8e,b8,
c7,76,51,2a,b7,cc,b5,b9,7f,41,e7,3f,09,e2,1d,be,00,bd,a5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,db,74,c9,c6,83,
e9,02,05,6c,43,2d,1e,aa,22,2f,9c,9d,32,83,cc,4e,7e,9e,e6,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\System32\fde32.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\System32\fde32.dll
.
Completion time: 2009-04-13 23:35
ComboFix-quarantined-files.txt 2009-04-13 21:35

Pre-Run: 12 151 308 288 bytes free
Post-Run: 12,425,936,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

292 --- E O F --- 2009-03-20 23:04

The lopR.txt

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 3800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : John ( Administrator )
BOOT : Normal boot
Antivirus : Norton 360 Online 2007 (Not Activated)
Firewall : Norton 360 Online 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:29 GB (Free:11 GB)
D:\ (Local Disk) - NTFS - Total:268 GB (Free:161 GB)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (USB)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( 13.04.2009|23:37 )

--------------------\\ Listing folders in APPLIC~1

[09.04.2009|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[09.04.2009|17:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[0|file(s)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
[4|folder(s)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes free

[06.04.2009|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[11.11.2008|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[07.01.2009|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05.11.2007|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[28.11.2007|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28.11.2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02.02.2008|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[19.09.2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[29.03.2009|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[23.01.2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[13.04.2009|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[27.10.2007|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[05.04.2009|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[09.04.2009|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[06.03.2009|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12.06.2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[10.04.2009|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[19.11.2008|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[19.11.2008|23:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
[27.10.2007|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[19.11.2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[09.04.2008|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[19.09.2008|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[09.04.2009|13:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[13.04.2009|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[29.08.2008|21:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[10.04.2009|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22.10.2007|03:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18.03.2008|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[08.04.2009|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
[0|file(s)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[32|folder(s)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes free

[22.10.2007|02:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|file(s)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[3|folder(s)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes free

[05.12.2007|00:02] C:\DOCUME~1\John\APPLIC~1\.BitTornado
[07.11.2007|11:17] C:\DOCUME~1\John\APPLIC~1\AccurateRip
[31.01.2009|01:04] C:\DOCUME~1\John\APPLIC~1\Adobe
[28.11.2007|17:27] C:\DOCUME~1\John\APPLIC~1\Apple Computer
[27.10.2007|23:16] C:\DOCUME~1\John\APPLIC~1\ArcSoft
[05.01.2009|20:09] C:\DOCUME~1\John\APPLIC~1\Canon
[23.06.2008|14:50] C:\DOCUME~1\John\APPLIC~1\CD-LabelPrint
[31.03.2009|20:44] C:\DOCUME~1\John\APPLIC~1\Corel
[05.04.2009|23:59] C:\DOCUME~1\John\APPLIC~1\foobar2000
[18.01.2008|20:48] C:\DOCUME~1\John\APPLIC~1\Google
[08.11.2007|15:09] C:\DOCUME~1\John\APPLIC~1\Help
[10.04.2009|14:57] C:\DOCUME~1\John\APPLIC~1\HouseCall 6.6
[23.10.2007|00:39] C:\DOCUME~1\John\APPLIC~1\Identities
[19.09.2008|17:40] C:\DOCUME~1\John\APPLIC~1\InstallShield
[08.04.2009|12:18] C:\DOCUME~1\John\APPLIC~1\LimeWire
[22.10.2007|20:19] C:\DOCUME~1\John\APPLIC~1\Macromedia
[09.04.2009|14:17] C:\DOCUME~1\John\APPLIC~1\Malwarebytes
[30.12.2007|22:40] C:\DOCUME~1\John\APPLIC~1\Media Player Classic
[25.11.2008|18:52] C:\DOCUME~1\John\APPLIC~1\Microsoft
[22.10.2007|23:44] C:\DOCUME~1\John\APPLIC~1\Microsoft Web Folders
[18.01.2009|13:40] C:\DOCUME~1\John\APPLIC~1\Opera
[10.04.2009|01:36] C:\DOCUME~1\John\APPLIC~1\PC Tools
[27.10.2007|23:11] C:\DOCUME~1\John\APPLIC~1\ScanSoft
[03.11.2007|01:45] C:\DOCUME~1\John\APPLIC~1\SmartFTP
[29.08.2008|21:15] C:\DOCUME~1\John\APPLIC~1\Sony Ericsson
[09.04.2009|13:42] C:\DOCUME~1\John\APPLIC~1\Spyware Terminator
[25.10.2007|23:56] C:\DOCUME~1\John\APPLIC~1\Sun
[04.11.2007|21:00] C:\DOCUME~1\John\APPLIC~1\Symantec
[27.10.2007|19:48] C:\DOCUME~1\John\APPLIC~1\Syntrillium
[29.08.2008|21:19] C:\DOCUME~1\John\APPLIC~1\Teleca
[09.04.2009|16:11] C:\DOCUME~1\John\APPLIC~1\Uniblue
[20.11.2008|00:45] C:\DOCUME~1\John\APPLIC~1\vlc
[27.02.2008|22:40] C:\DOCUME~1\John\APPLIC~1\WinRAR
[08.04.2009|09:25] C:\DOCUME~1\John\APPLIC~1\ZoomBrowser EX
[0|file(s)] C:\DOCUME~1\John\APPLIC~1\bytes
[36|folder(s)] C:\DOCUME~1\John\APPLIC~1\bytes free

[22.10.2007|02:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|file(s)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[3|folder(s)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes free

[19.03.2008|09:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|file(s)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|folder(s)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes free

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[13.04.2009 17:28][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[07.04.2009 17:01][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[13.04.2009 23:35][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10.08.2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07.01.2009|23:34] C:\Program Files\Adobe
[05.11.2007|16:07] C:\Program Files\Ahead
[27.08.2008|10:40] C:\Program Files\Apple Software Update
[27.10.2007|23:10] C:\Program Files\ArcSoft
[19.09.2008|17:50] C:\Program Files\Avanquest update
[28.12.2007|23:20] C:\Program Files\AVSMedia
[20.11.2008|01:32] C:\Program Files\Boilsoft MOV Converter
[05.01.2009|19:41] C:\Program Files\Canon
[27.10.2007|23:08] C:\Program Files\CanonBJ
[13.04.2009|23:29] C:\Program Files\Common Files
[22.10.2007|02:09] C:\Program Files\ComPlus Applications
[30.11.2007|01:06] C:\Program Files\coolpro2
[28.03.2009|23:58] C:\Program Files\Corel
[27.10.2007|15:47] C:\Program Files\directx
[05.04.2008|20:34] C:\Program Files\D-Tools
[05.04.2008|20:16] C:\Program Files\EA GAMES
[10.04.2009|15:29] C:\Program Files\ERUNT
[06.11.2007|23:52] C:\Program Files\Exact Audio Copy
[28.11.2007|11:37] C:\Program Files\FLAC
[30.03.2008|00:45] C:\Program Files\foobar2000
[10.04.2009|01:34] C:\Program Files\Google
[08.01.2009|00:10] C:\Program Files\InstallShield Installation Information
[12.02.2009|01:18] C:\Program Files\Internet Explorer
[06.04.2009|18:05] C:\Program Files\iPod
[05.03.2008|03:14] C:\Program Files\IrfanView
[06.04.2009|18:06] C:\Program Files\iTunes
[09.04.2009|13:59] C:\Program Files\Java
[11.11.2008|02:12] C:\Program Files\Jensen
[05.04.2009|11:00] C:\Program Files\Lavasoft
[14.12.2008|13:38] C:\Program Files\LimeWire
[09.04.2009|14:17] C:\Program Files\Malwarebytes' Anti-Malware
[19.08.2008|22:22] C:\Program Files\Messenger
[20.06.2008|15:43] C:\Program Files\Microsoft ActiveSync
[23.10.2007|02:34] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22.10.2007|23:46] C:\Program Files\microsoft frontpage
[25.11.2008|18:55] C:\Program Files\Microsoft Office
[22.10.2007|23:47] C:\Program Files\Microsoft Visual Studio
[19.08.2008|22:16] C:\Program Files\Movie Maker
[25.11.2008|18:55] C:\Program Files\MSECache
[22.10.2007|02:06] C:\Program Files\MSN
[22.10.2007|02:06] C:\Program Files\MSN Gaming Zone
[29.10.2007|00:30] C:\Program Files\MSXML 4.0
[19.08.2008|22:11] C:\Program Files\NetMeeting
[22.10.2007|02:12] C:\Program Files\Online Services
[19.08.2008|22:11] C:\Program Files\Outlook Express
[19.11.2008|23:12] C:\Program Files\Pinnacle
[08.01.2009|00:10] C:\Program Files\PSCS2
[27.10.2007|23:11] C:\Program Files\ScanSoft
[01.04.2008|00:48] C:\Program Files\SmartFTP Client
[01.04.2008|00:47] C:\Program Files\SmartFTP Client 3.0 Setup Files
[19.11.2008|23:08] C:\Program Files\SmartSound Software
[09.04.2008|21:18] C:\Program Files\Sony
[19.09.2008|17:41] C:\Program Files\Sony Ericsson
[10.04.2009|02:32] C:\Program Files\Spyware Doctor
[09.04.2009|13:46] C:\Program Files\Spyware Terminator
[15.07.2008|09:52] C:\Program Files\Sun
[06.01.2009|16:07] C:\Program Files\Symantec
[10.04.2009|14:36] C:\Program Files\Trend Micro
[22.10.2007|02:35] C:\Program Files\Uninstall Information
[20.11.2008|00:33] C:\Program Files\VideoLAN
[19.03.2008|12:16] C:\Program Files\Windows Live
[19.08.2008|22:11] C:\Program Files\Windows Media Player
[19.08.2008|22:11] C:\Program Files\Windows NT
[22.10.2007|02:09] C:\Program Files\Windows Plus
[22.10.2007|02:33] C:\Program Files\Windows XP MUI Pack
[22.10.2007|02:12] C:\Program Files\WindowsUpdate
[27.02.2008|22:40] C:\Program Files\WinRAR
[23.10.2007|13:28] C:\Program Files\WON
[22.10.2007|02:21] C:\Program Files\xerox
[0|file(s)] C:\Program Files\bytes
[71|folder(s)] C:\Program Files\bytes free

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07.01.2009|23:32] C:\Program Files\Common Files\Adobe
[07.01.2009|23:31] C:\Program Files\Common Files\Adobe Systems Shared
[05.11.2007|16:05] C:\Program Files\Common Files\Ahead
[06.04.2009|18:05] C:\Program Files\Common Files\Apple
[28.12.2007|23:20] C:\Program Files\Common Files\AVSMedia
[25.12.2007|02:07] C:\Program Files\Common Files\CANON
[28.03.2009|23:59] C:\Program Files\Common Files\Corel
[22.10.2007|23:47] C:\Program Files\Common Files\Designer
[27.10.2007|23:12] C:\Program Files\Common Files\InstallShield
[22.10.2007|02:19] C:\Program Files\Common Files\Java
[06.03.2009|01:00] C:\Program Files\Common Files\Microsoft Shared
[22.10.2007|02:11] C:\Program Files\Common Files\MSSoap
[05.11.2007|16:06] C:\Program Files\Common Files\Nero
[22.10.2007|04:01] C:\Program Files\Common Files\ODBC
[10.04.2009|01:36] C:\Program Files\Common Files\PC Tools
[28.03.2009|23:58] C:\Program Files\Common Files\Protexis
[27.10.2007|23:11] C:\Program Files\Common Files\ScanSoft Shared
[22.10.2007|02:11] C:\Program Files\Common Files\Services
[29.08.2008|21:10] C:\Program Files\Common Files\Sony Ericsson Shared
[09.04.2008|21:18] C:\Program Files\Common Files\Sony Shared
[22.10.2007|04:01] C:\Program Files\Common Files\SpeechEngines
[13.04.2009|23:21] C:\Program Files\Common Files\Symantec Shared
[19.08.2008|22:11] C:\Program Files\Common Files\System
[29.08.2008|21:10] C:\Program Files\Common Files\Teleca Shared
[18.03.2008|12:08] C:\Program Files\Common Files\WindowsLiveInstaller
[0|fil(er)] C:\Program Files\Common Files\byte
[27|mappe(r)] C:\Program Files\Common Files\byte ledig

--------------------\\ Process

( 44 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\John\Cookies\john@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 23:43:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 165

--------------------\\ Searching for other infections


No other infections found !

[F:86][D:0]-> C:\DOCUME~1\John\Cookies
[F:2][D:0]-> C:\DOCUME~1\John\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13.04.2009|23:46 - Option : [1]

--------------------\\ Scan completed at 23:46:56


My computer behaves exactly the same, I'm afraid. :s

I see that some phrases etc. in the logs are in Norwegian. Hope it still makes some sense. :)

Edited by Line, 13 April 2009 - 04:26 PM.

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I see that some phrases etc. in the logs are in Norwegian. Hope it still makes some sense. :)

Look to the left.
The Scandinavian languages aren't a problem for me, especially not Norwegian, as it's almost like Swedish. :)

I'll review the logs and get back later today.

Edited by heir, 13 April 2009 - 11:03 PM.

#7
Line

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Yes, I assume you understand most Norwegian words. :)

Additional information: Something claiming to be an online scan for threats is popping up: Win web security. Starts scanning even if I click NO. :)

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's start removing the baddies then.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

BitTornado 0.3.18
LimeWire 4.18.8


Optional removals
Limewire, BitTornado and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
CFScript:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\fde32.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7c285535565]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"d:\\Programfiles\\BitTornado\\btdownloadgui.exe"=-
Driver::
cdiskdun
Dirlook::
c:\windows\system32\NetworkService32

Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3.
Things I would like to see in your reply:


  • Which P2P software was uninstalled in step 1.
  • The content of C:\ComboFix.txt from step 2.
  • Information on how your computer is running now.

  • 0
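A small triage pass over OTListIt2-style O-lines, written the way the helper reads the logs in this thread: unknown Winlogon\Notify packages and orphaned entries are flagged, and for the removable ones the File:: and Registry:: sections are emitted in the same CFScript format as Step 2 above. This is an added example, not code from the thread, OTListIt2 or ComboFix; the stock-package list is an assumption from memory of a clean XP install, and the sample lines are copied from the log posted in this thread plus one constructed stock entry.

```python
"""Triage OTListIt2-style log lines the way a removal helper reads them.

Added example for this thread; not code from OTListIt2, ComboFix or the
posters. Sample lines are copied from the log posted in this thread, plus one
constructed stock Winlogon\\Notify entry to exercise the whitelist.
"""
import re
from dataclasses import dataclass

# Constructed sample: O-lines from the thread's OTListIt log. The crypt32chain
# line is constructed (OTListIt's SafeList normally hides stock entries).
SAMPLE_LOG = r"""O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\7c285535565: DllName - C:\WINDOWS\System32\fde32.dll - C:\WINDOWS\System32\fde32.dll File not found
"""

# Stock Winlogon\Notify packages on a Windows XP SP3 install.
# Assumption: recalled from a clean XP system, not taken from the thread.
STOCK_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

ENTRY_RE = re.compile(r"^(?P<tag>O\d+) - (?P<body>.*)$")
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - (?P<dll>.+?) - "
)

# CFScript syntax used in this thread: a leading '-' inside the brackets
# tells ComboFix to delete the whole key.
NOTIFY_KEY_FMT = (
    r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion"
    r"\winlogon\notify\%s]"
)


@dataclass
class Finding:
    tag: str        # OTListIt section, e.g. "O20"
    severity: str   # "remove", "review" or "info"
    reason: str
    key: str = ""   # Winlogon\Notify subkey, when applicable
    dll: str = ""   # DLL path named by the entry, when applicable


def triage_line(line: str):
    """Classify one O-line; returns None for lines that are not O-entries."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    tag, body = m.group("tag"), m.group("body")
    # OTListIt appends these when the registry target or file no longer exists.
    orphan = body.endswith("File not found") or "Reg Error: Key error." in body

    n = NOTIFY_RE.match(line)
    if n:
        key, dll = n.group("key"), n.group("dll")
        if key.lower() in STOCK_NOTIFY:
            return Finding(tag, "info", "stock Winlogon notify package", key, dll)
        # A notify package is loaded into winlogon.exe at every logon, so an
        # unknown one is the persistence point this thread's fix targets.
        why = "unknown Winlogon notify package"
        if orphan:
            why += " (DLL missing, key orphaned)"
        return Finding(tag, "remove" if orphan else "review", why, key, dll)

    if orphan:
        return Finding(tag, "review", "orphaned entry: target no longer exists")
    if body.endswith("()"):
        # Empty company field: the file carried no publisher information.
        return Finding(tag, "review", "no publisher info; not on company whitelist")
    return Finding(tag, "info", "publisher-identified entry")


def triage(log_text: str):
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def cfscript_for(findings):
    """Emit File:: and Registry:: sections for removable notify findings."""
    remove = [f for f in findings if f.severity == "remove" and f.key]
    if not remove:
        return ""
    files = [f.dll.lower() for f in remove]
    keys = [NOTIFY_KEY_FMT % f.key for f in remove]
    return "\n".join(["File::", *files, "Registry::", *keys]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        extra = f" [{f.key} -> {f.dll}]" if f.key else ""
        print(f"{f.severity:6} {f.tag:4} {f.reason}{extra}")
    print(cfscript_for(found))
```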

#9
Line

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi again!

I uninstalled both LimeWire and BitTornado, and ran ComboFix with the CFScript.txt. Seems the system did freeze somewhere during that process, though. I had to go to work, and after returning here the puter still had the ComboFix window open with the text "ComboFix will now restart Windows" (or something like that), same as when I had to leave. I can't find that it has made any log file...

In the ComboFix folder I find this file, ComboFix.txt, which seems to have been created at the time I left the PC:
ComboFix 09-04-13.A2 - John 2009-04-14 20:29:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.356 [GMT 2:00]
Kjører fra: C:\Documents and Settings\John\Desktop\ComboFix.exe
Command switches brukt :: C:\Documents and Settings\John\Desktop\CFScript.txt
AV: Norton 360 Online *On-access scanning disabled* (Outdated)
FW: Norton 360 Online *disabled*
* Opprettet nytt gjenopprettingspunkt

FILE ::
c:\windows\system32\fde32.dll
.


But since I restarted the PC, the browser has been behaving just fine! :)

#10
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's find out what happened here.


Please run OTListIt2 again and post the content of OTListIt.txt.

When you run OTListIt2 (before hitting the Run button), paste the following line into the Custom Scans/Fixes field:

c:\windows\system32\NetworkService32\*.*

Edited by heir, 15 April 2009 - 07:14 AM.
added custom scan

#11
Line

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok - here's my OTListIt.Txt
OTListIt logfile created on: 2009-04-15 16:44:57 - Run 2
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: yyyy-MM-dd

1022.48 Mb Total Physical Memory | 578.36 Mb Available Physical Memory | 56.56% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): D:\pagefile.sys 1533 3069;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 11.51 Gb Free Space | 39.30% Space Free | Partition Type: NTFS
Drive D: | 268.79 Gb Total Space | 161.13 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNLINE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Jensen\Common\JensenUI.exe (Jensen Scandinavia AS.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\John\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatisk LiveUpdate-planlegging [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2 [Auto | Running]) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)
SRV - (sp_rssrv [Auto | Running]) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ASAPIW2K [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys (VOB Computersysteme GmbH)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090414.020\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090414.020\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMNUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sccmusbm.sys (OMNIKEY AG)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\system32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT80x86 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RT2860.sys (Ralink Technology, Corp.)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (s3017bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017bus.sys (MCCI Corporation)
DRV - (s3017mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017nd5.sys (MCCI Corporation)
DRV - (s3017obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017obex.sys (MCCI Corporation)
DRV - (s3017unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s3017unic.sys (MCCI Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (s616mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mgmt.sys (MCCI Corporation)
DRV - (s616nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616nd5.sys (MCCI Corporation)
DRV - (s616obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616obex.sys (MCCI Corporation)
DRV - (s616unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616unic.sys (MCCI Corporation)
DRV - (se59bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59bus.sys (MCCI)
DRV - (se59mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59mdfl.sys (MCCI)
DRV - (se59mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59mdm.sys (MCCI)
DRV - (se59mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59mgmt.sys (MCCI)
DRV - (se59nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59nd5.sys (MCCI)
DRV - (se59obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59obex.sys (MCCI)
DRV - (se59unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\se59unic.sys (MCCI)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090407.002\SymIDSco.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w800bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800bus.sys (MCCI)
DRV - (w800mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mdfl.sys (MCCI)
DRV - (w800mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mdm.sys (MCCI)
DRV - (w800mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mgmt.sys (MCCI)
DRV - (w800obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800obex.sys (MCCI)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-04-04 11:22:26 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Koblingshjelpeprogram for Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton-verktøylinjen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "D:\programfiles\quick time\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jensen AirLink Utility.lnk = C:\Program Files\Jensen\Common\JensenUI.exe (Jensen Scandinavia AS.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Programfiles\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Opprett mobil favoritt - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193017252146 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.eurofoto....geUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.eurofoto....geUploader4.cab (Image Uploader Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\7c285535565: DllName - C:\WINDOWS\System32\fde32.dll - C:\WINDOWS\System32\fde32.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[33 C:\WINDOWS\*.tmp files]
[2009-04-14 20:33:42 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-04-14 20:29:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-04-14 20:24:19 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26988.exe
[2009-04-14 20:24:19 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-04-14 20:24:14 | 00,073,728 | ---- | C] () -- C:\pv.exe
[2009-04-13 23:36:34 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009-04-13 23:22:45 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009-04-13 23:22:41 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-04-13 23:22:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-04-13 23:15:09 | 00,219,648 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009-04-13 23:15:09 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-04-13 23:15:09 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-04-13 23:15:09 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-04-13 23:15:09 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-04-13 23:15:09 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-04-13 23:15:09 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-04-13 23:15:09 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-13 23:14:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-04-13 22:40:39 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\John\Desktop\LopSD.exe
[2009-04-13 22:39:01 | 03,081,643 | R--- | C] () -- C:\Documents and Settings\John\Desktop\ComboFix.exe
[2009-04-13 19:15:58 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\NetworkService32
[2009-04-10 16:11:16 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTListIt2.exe
[2009-04-10 15:57:25 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Rooter.exe
[2009-04-10 15:56:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-04-10 15:30:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-04-10 15:28:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2009-04-10 15:28:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009-04-10 15:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-04-10 14:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\SysRestorePoint_v13
[2009-04-10 14:53:56 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SysRestorePoint_v13.zip
[2009-04-10 14:36:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2009-04-10 14:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-04-10 14:36:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\John\Desktop\HJTInstall.exe
[2009-04-10 14:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\HouseCall 6.6
[2009-04-10 01:36:34 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009-04-10 01:36:24 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009-04-10 01:36:24 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009-04-10 01:36:16 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009-04-10 01:36:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009-04-10 01:36:06 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009-04-10 01:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\PC Tools
[2009-04-10 01:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009-04-10 01:34:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009-04-10 01:34:53 | 00,000,954 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-04-09 17:50:54 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009-04-09 16:11:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Uniblue
[2009-04-09 14:17:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2009-04-09 14:17:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-04-09 14:17:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-04-09 14:17:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-09 14:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-04-09 14:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-04-09 14:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Downloaded Installations
[2009-04-06 18:06:35 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009-04-06 18:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009-04-06 18:05:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009-04-06 18:05:12 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009-04-05 19:22:55 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2009-04-05 19:21:19 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009-04-05 19:21:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Spyware Terminator
[2009-04-05 19:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009-04-05 19:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009-04-05 14:32:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Corel
[2009-04-05 11:16:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-04-05 11:15:28 | 23,608,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\John\Desktop\sdsetup.exe
[2009-03-31 20:43:53 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009-03-31 20:43:53 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\AD4CF59E02.sys
[2009-03-29 23:12:51 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Rapport.doc
[2009-03-29 00:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\My PSP Files
[2009-03-29 00:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Corel
[2009-03-28 23:58:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009-03-28 23:58:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009-03-28 23:58:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009-03-28 23:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2008-11-19 23:16:29 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008-11-19 23:07:20 | 00,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008-11-19 23:07:15 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008-11-19 23:07:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008-11-19 23:07:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008-11-19 23:07:14 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008-11-19 23:07:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008-04-09 21:18:27 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008-04-05 20:34:48 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008-04-05 20:34:48 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2007-11-13 15:28:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-11-08 15:04:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007-11-08 15:04:07 | 00,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007-11-01 21:16:34 | 00,000,049 | ---- | C] () -- C:\WINDOWS\clue.ini
[2007-10-27 23:11:47 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007-10-27 18:04:57 | 00,000,067 | ---- | C] () -- C:\WINDOWS\blaafjell.ini
[2007-10-23 16:39:31 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2007-10-23 13:28:14 | 00,000,169 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007-10-22 23:50:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-10-22 02:18:47 | 00,001,068 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007-07-25 10:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006-07-20 20:58:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-07-20 20:58:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-07-20 20:58:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-07-20 20:58:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-07-20 20:58:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-02-26 11:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005-08-05 15:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004-12-20 19:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004-08-10 21:00:00 | 00,000,601 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-10 21:00:00 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-03-30 22:58:36 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
[1999-10-19 14:17:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[33 C:\WINDOWS\*.tmp files]
[2009-04-15 16:11:10 | 00,000,954 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-04-15 16:11:01 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-04-15 16:10:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-04-15 16:10:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-04-14 20:33:42 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-04-14 20:24:13 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26988.exe
[2009-04-14 17:02:28 | 00,000,564 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Mine delte mapper.lnk
[2009-04-14 17:01:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-14 13:30:14 | 00,000,049 | ---- | M] () -- C:\WINDOWS\clue.ini
[2009-04-14 13:19:07 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009-04-14 13:19:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-13 23:33:21 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-04-13 23:22:45 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009-04-13 22:40:40 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\John\Desktop\LopSD.exe
[2009-04-13 22:39:01 | 03,081,643 | R--- | M] () -- C:\Documents and Settings\John\Desktop\ComboFix.exe
[2009-04-10 16:11:23 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTListIt2.exe
[2009-04-10 15:57:28 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Rooter.exe
[2009-04-10 15:45:52 | 00,469,108 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-10 15:45:52 | 00,401,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-04-10 15:45:52 | 00,062,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-04-10 15:41:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-04-10 15:28:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2009-04-10 15:28:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009-04-10 14:54:09 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SysRestorePoint_v13.zip
[2009-04-10 14:36:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2009-04-10 14:36:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\John\Desktop\HJTInstall.exe
[2009-04-09 14:17:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-04-07 23:28:49 | 00,000,601 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-04-07 19:08:30 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009-04-06 18:05:12 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009-04-06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-04-05 19:22:55 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2009-04-05 19:21:19 | 00,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009-04-05 15:04:17 | 00,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009-04-05 11:15:36 | 23,608,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\John\Desktop\sdsetup.exe
[2009-04-05 00:11:49 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jensen AirLink Utility.lnk
[2009-04-04 23:58:06 | 03,183,544 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2009-03-31 20:43:53 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\AD4CF59E02.sys
[2009-03-30 12:50:41 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-29 23:44:06 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Rapport.doc

========== Custom Scans ==========


< c:\windows\system32\NetworkService32\*.* >
[2009-04-13 17:18:33 | 00,263,246 | ---- | M] () -- c:\windows\system32\NetworkService32\101.crack.zip
[2009-03-14 23:51:40 | 00,000,179 | ---- | M] () -- c:\windows\system32\NetworkService32\101.crack.zip.kwd
[2009-04-13 17:18:45 | 00,271,389 | ---- | M] () -- c:\windows\system32\NetworkService32\102.keygen.zip
[2009-03-14 23:53:14 | 00,000,315 | ---- | M] () -- c:\windows\system32\NetworkService32\102.keygen.zip.kwd
[2009-04-13 17:18:56 | 00,386,142 | ---- | M] () -- c:\windows\system32\NetworkService32\103.serial.zip
[2009-03-14 23:54:51 | 00,000,247 | ---- | M] () -- c:\windows\system32\NetworkService32\103.serial.zip.kwd
[2009-04-13 17:19:11 | 00,271,367 | ---- | M] () -- c:\windows\system32\NetworkService32\104.setup.zip
[2009-03-14 23:56:25 | 00,000,305 | ---- | M] () -- c:\windows\system32\NetworkService32\104.setup.zip.kwd
[2009-04-13 17:12:04 | 04,320,425 | ---- | M] () -- c:\windows\system32\NetworkService32\105.music.mp3
[2009-03-14 23:44:06 | 00,000,087 | ---- | M] () -- c:\windows\system32\NetworkService32\105.music.mp3.kwd
[2009-04-13 17:08:26 | 04,380,953 | ---- | M] () -- c:\windows\system32\NetworkService32\106.music.snd
[2009-03-14 23:46:12 | 00,000,106 | ---- | M] () -- c:\windows\system32\NetworkService32\106.music.snd.kwd
[2009-04-13 17:11:38 | 03,473,609 | ---- | M] () -- c:\windows\system32\NetworkService32\107.music.au
[2009-03-14 23:50:02 | 00,000,081 | ---- | M] () -- c:\windows\system32\NetworkService32\107.music.au.kwd
[2009-04-13 17:11:09 | 02,189,446 | ---- | M] () -- c:\windows\system32\NetworkService32\108.video.wmv
[2009-03-26 16:07:50 | 00,042,939 | ---- | M] () -- c:\windows\system32\NetworkService32\108.video.wmv.kwd

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

  • 0

#12
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Please do not format the logs in any way because it makes them harder to read.
Let's change that CFScript a bit and run it once more


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

KillAll::
File::
c:\windows\system32\fde32.dll
Folder::
c:\windows\system32\NetworkService32
C:\DOCUME~1\John\APPLIC~1\.BitTornado
C:\DOCUME~1\John\APPLIC~1\LimeWire
C:\Program Files\LimeWire
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7c285535565]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"d:\\Programfiles\\BitTornado\\btdownloadgui.exe"=-
Driver::
cdiskdun
Dirlook::
c:\windows\system32\NetworkService32

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
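Added example, not code from the thread or from OldTimer's tools: a small Python triage pass over OTListIt2 lines of the kind posted above. It parses the bracketed file entries and the O20 Winlogon\Notify lines and flags the two indicators the CFScript targets, a hidden+system directory created under System32 and a Winlogon\Notify entry whose DLL is missing; the sample lines are copied from the log above and the heuristics are this example's own.

```python
"""Triage of OTListIt2 log lines (added example; heuristics are my own,
not OTListIt's).  Two checks:
  1. a directory with both Hidden and System attributes created under
     %SystemRoot%\\System32 (like NetworkService32 in the log above);
  2. an O20 Winlogon\\Notify entry whose DllName resolves to 'File not found'
     (like the 7c285535565 subkey pointing at fde32.dll)."""
import re
from dataclasses import dataclass

# Bracketed entry: [date time | size | attrs | C or M] (company) -- path
# attrs is four positions, R H S D, a dash meaning the flag is clear.
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O20 notify entry: O20 - Winlogon\Notify\<subkey>: DllName - <dll> - <resolved path or 'File not found'>
NOTIFY_ENTRY = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - (?P<dll>.+?) - (?P<resolved>.+)$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def parse_file_entry(line):
    """Return the fields of one bracketed file/folder entry, or None."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = (d["company"] or "").strip()
    return d


def is_under_system32(path):
    return "\\windows\\system32\\" in path.lower()


def triage(lines):
    """Run both checks over an iterable of log lines; return the findings."""
    findings = []
    for line in lines:
        entry = parse_file_entry(line)
        if entry:
            attrs = entry["attrs"]
            hidden_system_dir = attrs.endswith("D") and "H" in attrs and "S" in attrs
            if hidden_system_dir and is_under_system32(entry["path"]):
                findings.append(Finding(entry["path"],
                                        "hidden+system directory created under System32"))
            continue
        m = NOTIFY_ENTRY.match(line.strip())
        if m and m.group("resolved").endswith("File not found"):
            findings.append(Finding(m.group("dll"),
                                    f"Winlogon\\Notify subkey {m.group('name')} points at a missing DLL"))
    return findings


# Sample lines copied from the OTListIt2 log in the thread (raw string: the
# backslashes in the paths must not be interpreted as escapes).
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\7c285535565: DllName - C:\WINDOWS\System32\fde32.dll - C:\WINDOWS\System32\fde32.dll File not found
[2009-04-14 20:33:42 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-04-14 20:29:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-04-14 20:24:19 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-04-13 23:22:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-04-13 19:15:58 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\NetworkService32
[2009-04-10 01:36:34 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009-03-31 20:43:53 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}: {f.path}")
```

C:\RECYCLER and C:\cmdcons carry the same hidden+system flags but sit outside System32, so the first check leaves them alone; that is deliberate, since both are ordinary on a Windows XP system that has had the Recovery Console installed.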

#13
Line

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok - here goes:

ComboFix 09-04-13.A2 - John 2009-04-15 18:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.567 [GMT 2:00]
Kjører fra: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches brukt :: c:\documents and settings\John\Desktop\CFScript.txt
AV: Norton 360 Online *On-access scanning disabled* (Outdated)
FW: Norton 360 Online *disabled*
* Opprettet nytt gjenopprettingspunkt

FILE ::
c:\windows\system32\fde32.dll
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\John\APPLIC~1\.BitTornado
c:\docume~1\John\APPLIC~1\.BitTornado\config.gui.ini
c:\docume~1\John\APPLIC~1\.BitTornado\datacache\5b443904cd04fe0b13432aba25b539a1ef67f038
c:\docume~1\John\APPLIC~1\.BitTornado\datacache\905c8c9fe9b4ad4ee2af9e25a682fdff8276bc40
c:\docume~1\John\APPLIC~1\.BitTornado\datacache\9a4baef3c14e56bb72c0a42788286ebe575e7977
c:\docume~1\John\APPLIC~1\.BitTornado\icons\alloc.gif
c:\docume~1\John\APPLIC~1\.BitTornado\icons\black.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\black1.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\blue.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\green.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\green1.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\icon_bt.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\icon_done.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\red.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\white.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\yellow.ico
c:\docume~1\John\APPLIC~1\.BitTornado\icons\yellow1.ico
c:\docume~1\John\APPLIC~1\LimeWire
c:\docume~1\John\APPLIC~1\LimeWire\414splashfree.png
c:\docume~1\John\APPLIC~1\LimeWire\active.mojito
c:\docume~1\John\APPLIC~1\LimeWire\bugs.data
c:\docume~1\John\APPLIC~1\LimeWire\certificate\limewire.keystore
c:\docume~1\John\APPLIC~1\LimeWire\createtimes.cache
c:\docume~1\John\APPLIC~1\LimeWire\downloads.dat
c:\docume~1\John\APPLIC~1\LimeWire\fileurns.bak
c:\docume~1\John\APPLIC~1\LimeWire\fileurns.cache
c:\docume~1\John\APPLIC~1\LimeWire\filters.props
c:\docume~1\John\APPLIC~1\LimeWire\gnutella.net
c:\docume~1\John\APPLIC~1\LimeWire\installation.props
c:\docume~1\John\APPLIC~1\LimeWire\library.dat
c:\docume~1\John\APPLIC~1\LimeWire\limewire.props
c:\docume~1\John\APPLIC~1\LimeWire\mojito.props
c:\docume~1\John\APPLIC~1\LimeWire\passive.mojito
c:\docume~1\John\APPLIC~1\LimeWire\promotion\promodb.backup
c:\docume~1\John\APPLIC~1\LimeWire\promotion\promodb.data
c:\docume~1\John\APPLIC~1\LimeWire\promotion\promodb.lck
c:\docume~1\John\APPLIC~1\LimeWire\promotion\promodb.log
c:\docume~1\John\APPLIC~1\LimeWire\promotion\promodb.properties
c:\docume~1\John\APPLIC~1\LimeWire\promotion\promodb.script
c:\docume~1\John\APPLIC~1\LimeWire\questions.props
c:\docume~1\John\APPLIC~1\LimeWire\responses.cache
c:\docume~1\John\APPLIC~1\LimeWire\simpp.xml
c:\docume~1\John\APPLIC~1\LimeWire\spam.dat
c:\docume~1\John\APPLIC~1\LimeWire\tables.props
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme.lwtp
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\01_star.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\02_star.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\03_star.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\04_star.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\05_star.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\chat.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\forward_dn.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\forward_up.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\kill.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\kill_on.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\logo.png
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\notsearching.png
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\pause_dn.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\pause_up.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\play_dn.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\play_up.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\question.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\rewind_dn.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\rewind_up.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\searching.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\splash.png
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\splashpro.png
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\stop_dn.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\stop_up.gif
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\theme.txt
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\version.txt
c:\docume~1\John\APPLIC~1\LimeWire\themes\windows_theme\warning.gif
c:\docume~1\John\APPLIC~1\LimeWire\ttree.cache
c:\docume~1\John\APPLIC~1\LimeWire\ttrees.cache
c:\docume~1\John\APPLIC~1\LimeWire\ttroot.cache
c:\docume~1\John\APPLIC~1\LimeWire\version.xml
c:\docume~1\John\APPLIC~1\LimeWire\versions.props
c:\docume~1\John\APPLIC~1\LimeWire\xml\data\audio.sxml2
c:\docume~1\John\APPLIC~1\LimeWire\xml\data\delete_me
c:\docume~1\John\APPLIC~1\LimeWire\xml\misc\application.gif
c:\docume~1\John\APPLIC~1\LimeWire\xml\misc\audio.gif
c:\docume~1\John\APPLIC~1\LimeWire\xml\misc\document.gif
c:\docume~1\John\APPLIC~1\LimeWire\xml\misc\image.gif
c:\docume~1\John\APPLIC~1\LimeWire\xml\misc\video.gif
c:\docume~1\John\APPLIC~1\LimeWire\xml\schemas\application.xsd
c:\docume~1\John\APPLIC~1\LimeWire\xml\schemas\audio.xsd
c:\docume~1\John\APPLIC~1\LimeWire\xml\schemas\document.xsd
c:\docume~1\John\APPLIC~1\LimeWire\xml\schemas\image.xsd
c:\docume~1\John\APPLIC~1\LimeWire\xml\schemas\video.xsd
c:\program files\LimeWire
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire.exe
c:\windows\system32\fde32.dll
c:\windows\system32\NetworkService32
c:\windows\system32\NetworkService32\101.crack.zip
c:\windows\system32\NetworkService32\101.crack.zip.kwd
c:\windows\system32\NetworkService32\102.keygen.zip
c:\windows\system32\NetworkService32\102.keygen.zip.kwd
c:\windows\system32\NetworkService32\103.serial.zip
c:\windows\system32\NetworkService32\103.serial.zip.kwd
c:\windows\system32\NetworkService32\104.setup.zip
c:\windows\system32\NetworkService32\104.setup.zip.kwd
c:\windows\system32\NetworkService32\105.music.mp3
c:\windows\system32\NetworkService32\105.music.mp3.kwd
c:\windows\system32\NetworkService32\106.music.snd
c:\windows\system32\NetworkService32\106.music.snd.kwd
c:\windows\system32\NetworkService32\107.music.au
c:\windows\system32\NetworkService32\107.music.au.kwd
c:\windows\system32\NetworkService32\108.video.wmv
c:\windows\system32\NetworkService32\108.video.wmv.kwd
.
---- Forrige skanning -------
.
c:\documents and settings\John\Application Data\02000000f1a73d14565C.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565O.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565P.manifest
c:\documents and settings\John\Application Data\02000000f1a73d14565S.manifest
c:\windows\system32\fde32.dll
c:\windows\system32\GroupPolicy000.dat

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDISKDUN
-------\Service_cdiskdun


((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-15 til 2009-04-15 )))))))))))))))))))))))))))))))))
.

2009-04-13 21:36 . 2009-04-13 21:46 -------- d-----w C:\Lop SD
2009-04-10 13:56 . 2009-04-10 14:31 -------- d-----w C:\Rooter$
2009-04-10 12:24 . 2009-04-10 12:57 -------- d-----w c:\documents and settings\John\Application Data\HouseCall 6.6
2009-04-09 23:36 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-09 23:36 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-09 23:36 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-09 23:36 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\documents and settings\John\Application Data\PC Tools
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-09 23:34 . 2009-04-15 16:27 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-09 15:53 . 2009-04-09 15:53 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-09 14:11 . 2009-04-09 14:11 -------- d-----w c:\documents and settings\John\Application Data\Uniblue
2009-04-09 12:53 . 2009-04-09 13:08 -------- d-----w c:\documents and settings\John\.housecall6.6
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\documents and settings\John\Application Data\Malwarebytes
2009-04-09 12:17 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-09 12:17 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 12:04 . 2009-04-09 12:04 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\Downloaded Installations
2009-04-06 16:05 . 2009-04-06 16:06 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 17:21 . 2009-04-05 17:21 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-05 17:21 . 2009-04-09 11:42 -------- d-----w c:\documents and settings\John\Application Data\Spyware Terminator
2009-04-05 17:21 . 2009-04-09 11:46 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-04-05 12:32 . 2009-04-05 12:59 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\Corel
2009-04-05 09:16 . 2009-04-10 00:38 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 09:22 . 2009-03-09 03:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-31 18:43 . 2009-04-05 13:04 2516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-31 18:43 . 2009-03-31 18:43 8 --sh--r c:\documents and settings\All Users\Application Data\AD4CF59E02.sys
2009-03-28 22:00 . 2009-03-31 18:44 -------- d-----w c:\documents and settings\John\Application Data\Corel
2009-03-28 21:58 . 2009-03-28 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 16:55 . 2007-10-22 02:15 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 15:48 . 2007-10-22 15:09 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-13 21:46 . 2009-04-13 21:37 12877 ----a-w C:\lopR.txt
2009-04-10 14:31 . 2009-04-10 13:59 3192 ----a-w C:\Rooter.txt
2009-04-10 13:29 . 2009-04-10 13:28 -------- d-----w c:\program files\ERUNT
2009-04-10 12:36 . 2009-04-10 12:36 -------- d-----w c:\program files\Trend Micro
2009-04-10 00:32 . 2009-04-09 23:36 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-09 23:34 . 2007-10-26 08:35 -------- d-----w c:\program files\Google
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 11:59 . 2007-10-22 00:19 -------- d-----w c:\program files\Java
2009-04-09 11:46 . 2009-04-05 17:21 -------- d-----w c:\program files\Spyware Terminator
2009-04-08 07:25 . 2007-12-25 00:18 -------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX
2009-04-08 07:18 . 2007-12-25 00:08 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-06 16:06 . 2009-01-13 20:01 -------- d-----w c:\program files\iTunes
2009-04-06 16:05 . 2009-04-06 16:05 -------- d-----w c:\program files\iPod
2009-04-06 16:05 . 2007-11-28 15:25 -------- d-----w c:\program files\Common Files\Apple
2009-04-05 21:59 . 2007-10-22 21:30 -------- d-----w c:\documents and settings\John\Application Data\foobar2000
2009-04-05 09:00 . 2008-03-01 19:11 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-05 09:00 . 2008-03-01 19:11 -------- d-----w c:\program files\Lavasoft
2009-03-28 21:59 . 2009-03-28 21:58 -------- d-----w c:\program files\Common Files\Corel
2009-03-28 21:58 . 2009-03-28 21:58 -------- d-----w c:\program files\Common Files\Protexis
2009-03-28 21:58 . 2009-03-28 21:51 -------- d-----w c:\program files\Corel
2009-03-03 19:08 . 2008-07-02 22:39 268 ---ha-w C:\sqmdata13.sqm
2009-03-03 19:08 . 2008-07-02 22:39 244 ---ha-w C:\sqmnoopt13.sqm
2009-03-03 07:47 . 2008-07-01 21:46 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-03 07:47 . 2008-07-01 21:46 232 ---ha-w C:\sqmdata12.sqm
2009-02-16 23:25 . 2008-07-01 07:40 268 ---ha-w C:\sqmdata11.sqm
2009-02-16 23:25 . 2008-07-01 07:40 244 ---ha-w C:\sqmnoopt11.sqm
2009-02-09 11:13 . 2005-10-06 00:06 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 22:52 . 2008-06-30 22:09 232 ---ha-w C:\sqmdata10.sqm
2009-02-01 22:52 . 2008-06-30 22:09 244 ---ha-w C:\sqmnoopt10.sqm
2009-01-31 20:53 . 2008-05-15 22:34 244 ---ha-w C:\sqmnoopt09.sqm
2009-01-31 20:53 . 2008-05-15 22:34 232 ---ha-w C:\sqmdata09.sqm
2009-01-17 14:32 . 2008-04-02 14:53 244 ---ha-w C:\sqmnoopt08.sqm
2009-01-17 14:32 . 2008-04-02 14:53 232 ---ha-w C:\sqmdata08.sqm
2009-01-17 00:04 . 2008-04-02 00:31 244 ---ha-w C:\sqmnoopt07.sqm
2009-01-17 00:04 . 2008-04-02 00:31 232 ---ha-w C:\sqmdata07.sqm
2009-01-10 23:49 . 2007-10-22 00:35 225592 ----a-w c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 11:30 . 2007-10-22 11:28 49181904 ----a-w c:\program files\nis2007.exe
2007-10-22 01:50 . 2007-10-22 01:50 127 ------w c:\documents and settings\John\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\system32\NetworkService32 ----

2009-04-13 17:19 271367 --a------ c:\windows\system32\NetworkService32\104.setup.zip
2009-04-13 17:18 386142 --a------ c:\windows\system32\NetworkService32\103.serial.zip
2009-04-13 17:18 271389 --a------ c:\windows\system32\NetworkService32\102.keygen.zip
2009-04-13 17:18 263246 --a------ c:\windows\system32\NetworkService32\101.crack.zip
2009-04-13 17:12 4320425 --a------ c:\windows\system32\NetworkService32\105.music.mp3
2009-04-13 17:11 3473609 --a------ c:\windows\system32\NetworkService32\107.music.au
2009-04-13 17:11 2189446 --a------ c:\windows\system32\NetworkService32\108.video.wmv
2009-04-13 17:08 4380953 --a------ c:\windows\system32\NetworkService32\106.music.snd
2009-03-26 16:07 42939 --a------ c:\windows\system32\NetworkService32\108.video.wmv.kwd
2009-03-14 23:56 305 --a------ c:\windows\system32\NetworkService32\104.setup.zip.kwd
2009-03-14 23:54 247 --a------ c:\windows\system32\NetworkService32\103.serial.zip.kwd
2009-03-14 23:53 315 --a------ c:\windows\system32\NetworkService32\102.keygen.zip.kwd
2009-03-14 23:51 179 --a------ c:\windows\system32\NetworkService32\101.crack.zip.kwd
2009-03-14 23:50 81 --a------ c:\windows\system32\NetworkService32\107.music.au.kwd
2009-03-14 23:46 106 --a------ c:\windows\system32\NetworkService32\106.music.snd.kwd
2009-03-14 23:44 87 --a------ c:\windows\system32\NetworkService32\105.music.mp3.kwd


((((((((((((((((((((((((((((( SnapShot@2009-04-13_23.34.48,07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 16:54 . 2009-04-15 16:54 16384 c:\windows\temp\Perflib_Perfdata_774.dat
+ 2009-04-15 16:53 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"QuickTime Task"="d:\programfiles\quick time\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\John\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-28 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-28 113664]
Jensen AirLink Utility.lnk - c:\program files\Jensen\Common\JensenUI.exe [2008-11-11 679936]
Microsoft Office.lnk - d:\programfiles\Office\OSA9.EXE [1999-10-19 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\System32\fde32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]
R3 RT80x86;Jensen Air:Link 83300 Driver;c:\windows\system32\DRIVERS\RT2860.sys [2007-07-29 537216]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-11-07 32000]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 01:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 18:54
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1482476501-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,31,20,c5,11,59,
ab,34,00,e2,63,26,f1,3f,c8,ff,68,69,ff,4d,72,8e,38,f3,21,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,d7,c2,1b,8c,e1,
dd,c5,f2,6a,9c,d6,61,af,45,84,18,e5,69,62,e2,d0,93,96,4d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,4a,c1,c4,08,2e,
66,b0,8c,ff,7c,85,e0,43,d4,0e,fe,b0,2c,9b,17,4e,5e,ac,36,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,59,06,5f,dd,b2,
16,41,fa,86,8c,21,01,be,91,eb,e7,19,c3,b1,0b,79,7d,7a,7d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,05,99,1e,3c,43,
f3,0d,b2,f5,1d,4d,73,a8,13,5c,05,fe,b8,d0,bd,3e,f1,49,9e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3e,82,10,c5,a4,
a4,1b,3b,df,20,58,62,78,6b,cf,c8,eb,82,62,4a,5e,c1,bf,12,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a5,5e,28,9a,f5,
7b,34,9f,fb,a7,78,e6,12,2f,9a,ea,e5,3f,91,61,9c,58,34,6c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,73,5a,ef,32,80,
68,e9,03,01,3a,48,fc,e8,04,4a,f1,58,52,5f,53,ef,fb,e3,c4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,11,d5,b1,60,7a,
7e,a1,fd,f6,0f,4e,58,98,5b,89,c9,95,96,47,ae,9e,b4,d1,43,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,f3,0b,26,20,40,
60,1a,79,3d,ce,ea,26,2d,45,aa,78,35,f1,a8,79,45,a5,ed,30,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,89,57,53,8e,b8,
c7,76,51,2a,b7,cc,b5,b9,7f,41,e7,3f,09,e2,1d,be,00,bd,a5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,db,74,c9,c6,83,
e9,02,05,6c,43,2d,1e,aa,22,2f,9c,9d,32,83,cc,4e,7e,9e,e6,6c,43,2d,1e,aa,22,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(952)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-04-15 18:57 - maskinen ble startet på nytt [John]
ComboFix-quarantined-files.txt 2009-04-15 16:57
ComboFix2.txt 2009-04-13 21:35

Pre-Run: 12,248,244,224 bytes free
Post-Run: 12,032,708,608 byte ledig

475 --- E O F --- 2009-03-20 23:04

#14
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hm.... There are still entries there. One more run.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Dirlook::
c:\windows\system32\NetworkService32

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
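As an added example (not part of the thread, and not heir's or ComboFix's own code), the script below parses the REGEDIT4-style startup section and the Dirlook listing of a ComboFix log and flags what the log above shows: the AppInit_DLLs value pointing at fde32.dll that the CFScript clears, the Security Center overrides, the disabled firewall profile, and the files parked under system32\NetworkService32. The two sample logs are constructed excerpts of the pre-fix log (post #13) and the post-CFScript log (post #15), so the same checks also verify that the fix took.

```python
"""Triage checks over a ComboFix-style log. Added example, not the thread's or
ComboFix's own code: it parses the REGEDIT4-style startup section and a Dirlook
listing and flags what the logs above show (a populated AppInit_DLLs value,
Security Center overrides, a disabled firewall, files under NetworkService32)."""
import re
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
DIRLOOK_RE = re.compile(r"^---- Directory of (?P<path>.+?) ----$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")

APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

def parse_registry_block(text):
    """Return {key_path: {value_name: raw_value}} (lower-cased) from REGEDIT4 text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            current = m.group("key").lower()
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group("name").lower()] = m.group("value").strip()
    return keys

def dword_is_one(raw):
    """True for a REGEDIT4 'dword:00000001' value; ComboFix prints overrides that way."""
    return raw.lower().startswith("dword:") and int(raw.split(":", 1)[1], 16) == 1

def triage(text):
    """Return findings for the persistence and defence-tampering indicators in a log."""
    keys = parse_registry_block(text)
    findings = []
    # ComboFix prints AppInit_DLLs unquoted; the CFScript Registry:: fix sets it to "".
    appinit = keys.get(APPINIT_KEY, {}).get("appinit_dlls", "").strip('"')
    if appinit:
        findings.append(f"AppInit_DLLs loads {appinit} into every process that links user32.dll")
    if dword_is_one(keys.get(SECURITY_CENTER, {}).get("antivirusoverride", "")):
        findings.append("Security Center AntiVirusOverride=1 (AV status warnings suppressed)")
    for key, values in keys.items():
        if key.startswith(SECURITY_CENTER + r"\monitoring") and dword_is_one(values.get("disablemonitoring", "")):
            findings.append("Security Center DisableMonitoring=1 under " + key.rsplit("\\", 1)[-1])
    # The firewall flag is printed as '0 (0x0)' rather than as a dword.
    if keys.get(FIREWALL_KEY, {}).get("enablefirewall", "").startswith("0"):
        findings.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    return findings

def dirlook_entries(text):
    """Return {directory: [file paths]} for each Dirlook listing in a log."""
    listings, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := DIRLOOK_RE.match(line):
            current = m.group("path")
            listings[current] = []
        elif current is not None:
            if m := FILE_RE.match(line):
                listings[current].append(m.group("path"))
            elif line.startswith("(((("):  # next ComboFix section banner ends the listing
                current = None
    return listings

# Constructed excerpt of the pre-fix log (post #13 above).
BEFORE_LOG = r"""
---- Directory of c:\windows\system32\NetworkService32 ----

2009-04-13 17:19 271367 --a------ c:\windows\system32\NetworkService32\104.setup.zip
2009-04-13 17:18 386142 --a------ c:\windows\system32\NetworkService32\103.serial.zip
2009-04-13 17:18 263246 --a------ c:\windows\system32\NetworkService32\101.crack.zip

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\System32\fde32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
# Constructed excerpt of the post-CFScript log (post #15): folder emptied, AppInit key gone.
AFTER_LOG = r"""
---- Directory of c:\windows\system32\NetworkService32 ----
((((((((((((((((((((((((((((( SnapShot@2009-04-13_23.34.48,07 )))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(label, triage(log), dirlook_entries(log))
```

Run against the full logs, the remaining Security Center and firewall findings after the CFScript show which settings still need to be restored once the infection is cleared.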

#15
Line

Line

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
ComboFix 09-04-13.A2 - John 2009-04-15 20:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.553 [GMT 2:00]
Kjører fra: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches brukt :: c:\documents and settings\John\Desktop\CFScript.txt
AV: Norton 360 Online *On-access scanning disabled* (Outdated)
FW: Norton 360 Online *disabled*
* Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-15 til 2009-04-15 )))))))))))))))))))))))))))))))))
.

2009-04-13 21:36 . 2009-04-13 21:46 -------- d-----w C:\Lop SD
2009-04-10 13:56 . 2009-04-10 14:31 -------- d-----w C:\Rooter$
2009-04-10 12:24 . 2009-04-10 12:57 -------- d-----w c:\documents and settings\John\Application Data\HouseCall 6.6
2009-04-09 23:36 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-09 23:36 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-09 23:36 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-09 23:36 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\documents and settings\John\Application Data\PC Tools
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-09 23:34 . 2009-04-15 16:27 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-09 15:53 . 2009-04-09 15:53 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-09 14:11 . 2009-04-09 14:11 -------- d-----w c:\documents and settings\John\Application Data\Uniblue
2009-04-09 12:53 . 2009-04-09 13:08 -------- d-----w c:\documents and settings\John\.housecall6.6
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\documents and settings\John\Application Data\Malwarebytes
2009-04-09 12:17 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-09 12:17 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 12:04 . 2009-04-09 12:04 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\Downloaded Installations
2009-04-06 16:05 . 2009-04-06 16:06 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 17:21 . 2009-04-05 17:21 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-05 17:21 . 2009-04-09 11:42 -------- d-----w c:\documents and settings\John\Application Data\Spyware Terminator
2009-04-05 17:21 . 2009-04-09 11:46 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-04-05 12:32 . 2009-04-05 12:59 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\Corel
2009-04-05 09:16 . 2009-04-10 00:38 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 09:22 . 2009-03-09 03:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-31 18:43 . 2009-04-05 13:04 2516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-31 18:43 . 2009-03-31 18:43 8 --sh--r c:\documents and settings\All Users\Application Data\AD4CF59E02.sys
2009-03-28 22:00 . 2009-03-31 18:44 -------- d-----w c:\documents and settings\John\Application Data\Corel
2009-03-28 21:58 . 2009-03-28 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:27 . 2007-10-22 02:15 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 18:18 . 2007-10-22 15:09 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-13 21:46 . 2009-04-13 21:37 12877 ----a-w C:\lopR.txt
2009-04-10 14:31 . 2009-04-10 13:59 3192 ----a-w C:\Rooter.txt
2009-04-10 13:29 . 2009-04-10 13:28 -------- d-----w c:\program files\ERUNT
2009-04-10 12:36 . 2009-04-10 12:36 -------- d-----w c:\program files\Trend Micro
2009-04-10 00:32 . 2009-04-09 23:36 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 23:36 . 2009-04-09 23:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-09 23:34 . 2007-10-26 08:35 -------- d-----w c:\program files\Google
2009-04-09 12:17 . 2009-04-09 12:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 11:59 . 2007-10-22 00:19 -------- d-----w c:\program files\Java
2009-04-09 11:46 . 2009-04-05 17:21 -------- d-----w c:\program files\Spyware Terminator
2009-04-08 07:25 . 2007-12-25 00:18 -------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX
2009-04-08 07:18 . 2007-12-25 00:08 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-06 16:06 . 2009-01-13 20:01 -------- d-----w c:\program files\iTunes
2009-04-06 16:05 . 2009-04-06 16:05 -------- d-----w c:\program files\iPod
2009-04-06 16:05 . 2007-11-28 15:25 -------- d-----w c:\program files\Common Files\Apple
2009-04-05 21:59 . 2007-10-22 21:30 -------- d-----w c:\documents and settings\John\Application Data\foobar2000
2009-04-05 09:00 . 2008-03-01 19:11 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-05 09:00 . 2008-03-01 19:11 -------- d-----w c:\program files\Lavasoft
2009-03-28 21:59 . 2009-03-28 21:58 -------- d-----w c:\program files\Common Files\Corel
2009-03-28 21:58 . 2009-03-28 21:58 -------- d-----w c:\program files\Common Files\Protexis
2009-03-28 21:58 . 2009-03-28 21:51 -------- d-----w c:\program files\Corel
2009-03-03 19:08 . 2008-07-02 22:39 268 ---ha-w C:\sqmdata13.sqm
2009-03-03 19:08 . 2008-07-02 22:39 244 ---ha-w C:\sqmnoopt13.sqm
2009-03-03 07:47 . 2008-07-01 21:46 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-03 07:47 . 2008-07-01 21:46 232 ---ha-w C:\sqmdata12.sqm
2009-02-16 23:25 . 2008-07-01 07:40 268 ---ha-w C:\sqmdata11.sqm
2009-02-16 23:25 . 2008-07-01 07:40 244 ---ha-w C:\sqmnoopt11.sqm
2009-02-09 11:13 . 2005-10-06 00:06 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 22:52 . 2008-06-30 22:09 232 ---ha-w C:\sqmdata10.sqm
2009-02-01 22:52 . 2008-06-30 22:09 244 ---ha-w C:\sqmnoopt10.sqm
2009-01-31 20:53 . 2008-05-15 22:34 244 ---ha-w C:\sqmnoopt09.sqm
2009-01-31 20:53 . 2008-05-15 22:34 232 ---ha-w C:\sqmdata09.sqm
2009-01-17 14:32 . 2008-04-02 14:53 244 ---ha-w C:\sqmnoopt08.sqm
2009-01-17 14:32 . 2008-04-02 14:53 232 ---ha-w C:\sqmdata08.sqm
2009-01-17 00:04 . 2008-04-02 00:31 244 ---ha-w C:\sqmnoopt07.sqm
2009-01-17 00:04 . 2008-04-02 00:31 232 ---ha-w C:\sqmdata07.sqm
2009-01-10 23:49 . 2007-10-22 00:35 225592 ----a-w c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 11:30 . 2007-10-22 11:28 49181904 ----a-w c:\program files\nis2007.exe
2007-10-22 01:50 . 2007-10-22 01:50 127 ------w c:\documents and settings\John\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\system32\NetworkService32 ----



((((((((((((((((((((((((((((( SnapShot@2009-04-13_23.34.48,07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 18:26 . 2009-04-15 18:26 16384 c:\windows\temp\Perflib_Perfdata_77c.dat
+ 2009-04-15 16:53 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"QuickTime Task"="d:\programfiles\quick time\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\John\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-28 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-28 113664]
Jensen AirLink Utility.lnk - c:\program files\Jensen\Common\JensenUI.exe [2008-11-11 679936]
Microsoft Office.lnk - d:\programfiles\Office\OSA9.EXE [1999-10-19 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]
R3 RT80x86;Jensen Air:Link 83300 Driver;c:\windows\system32\DRIVERS\RT2860.sys [2007-07-29 537216]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-11-07 32000]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 01:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 20:26
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1482476501-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,31,20,c5,11,59,
ab,34,00,e2,63,26,f1,3f,c8,ff,68,69,ff,4d,72,8e,38,f3,21,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,d7,c2,1b,8c,e1,
dd,c5,f2,6a,9c,d6,61,af,45,84,18,e5,69,62,e2,d0,93,96,4d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,4a,c1,c4,08,2e,
66,b0,8c,ff,7c,85,e0,43,d4,0e,fe,b0,2c,9b,17,4e,5e,ac,36,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,59,06,5f,dd,b2,
16,41,fa,86,8c,21,01,be,91,eb,e7,19,c3,b1,0b,79,7d,7a,7d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,05,99,1e,3c,43,
f3,0d,b2,f5,1d,4d,73,a8,13,5c,05,fe,b8,d0,bd,3e,f1,49,9e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3e,82,10,c5,a4,
a4,1b,3b,df,20,58,62,78,6b,cf,c8,eb,82,62,4a,5e,c1,bf,12,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a5,5e,28,9a,f5,
7b,34,9f,fb,a7,78,e6,12,2f,9a,ea,e5,3f,91,61,9c,58,34,6c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,73,5a,ef,32,80,
68,e9,03,01,3a,48,fc,e8,04,4a,f1,58,52,5f,53,ef,fb,e3,c4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,11,d5,b1,60,7a,
7e,a1,fd,f6,0f,4e,58,98,5b,89,c9,95,96,47,ae,9e,b4,d1,43,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,f3,0b,26,20,40,
60,1a,79,3d,ce,ea,26,2d,45,aa,78,35,f1,a8,79,45,a5,ed,30,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,89,57,53,8e,b8,
c7,76,51,2a,b7,cc,b5,b9,7f,41,e7,3f,09,e2,1d,be,00,bd,a5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,db,74,c9,c6,83,
e9,02,05,6c,43,2d,1e,aa,22,2f,9c,9d,32,83,cc,4e,7e,9e,e6,6c,43,2d,1e,aa,22,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(744)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-04-15 20:30 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-04-15 18:30
ComboFix2.txt 2009-04-15 16:57
ComboFix3.txt 2009-04-13 21:35

Pre-Run: 12 015 153 152 bytes free
Post-Run: 12,005,265,408 byte ledig

291 --- E O F --- 2009-03-20 23:04