Trojan horse Dropper.Generic2.AXMW


  • This topic is locked

#1
Iversen

  • Member
  • 13 posts
The topic title says it all. My computer is infected by a virus. My AVG gives the following result:

File: C:\WINDOWS\system32\ntdevice.exe (3216):\memory_00400000
Result/infection: Trojan horse Dropper.Generic2.AXMW

Object is inaccesible.

...and I don't know what to do.

#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello Iversen and welcome to G2G!

My nick is maliprog and I will be your technical support on this issue. Before we start cleaning your PC you must print or save to Desktop (in a .txt file) these instructions so you can access them in Safe Mode with no internet connection.

NOTE:
  • Be advised that I am still in training, so there may be a delay between replies. Each reply must be approved by a resident expert before I will be allowed to post them to you.
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%|bak;true;false;false /fp
%systemroot%\system32|bak;true;false;false /fp
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please make sure you include the following items:

  • OTL log
  • OTL Extras log
  • GMER log

It would be helpful if you could post each log in a separate post.

#3
Iversen

  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 27.09.2010 17:32:02 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Espen og Tia\Skrivebord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 698,63 Gb Total Space | 506,60 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive D: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMURF
Current User Name: Espen og Tia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.09.27 17:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
PRC - [2010.09.27 17:22:58 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Temp\dwm.exe
PRC - [2010.09.27 17:22:55 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe
PRC - [2010.09.27 17:19:54 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe
PRC - [2010.09.24 08:05:29 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgnsx.exe
PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.08.10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Programfiler\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010.07.18 18:39:32 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgtray.exe
PRC - [2010.07.18 18:39:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgrsx.exe
PRC - [2010.07.18 18:39:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.18 18:39:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgchsvx.exe
PRC - [2010.07.18 18:39:25 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgcsrvx.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
PRC - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Programfiler\Canon\CAL\CALMAIN.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Contacts\wlcomm.exe
PRC - [2008.12.03 14:37:00 | 000,189,168 | ---- | M] (Telenor) -- C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.10.05 18:22:22 | 007,434,240 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.05 18:22:22 | 007,430,144 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.bin
PRC - [2008.08.14 21:29:11 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.01.16 12:21:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.08.22 14:33:26 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 11:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
PRC - [2007.06.01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007.03.23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006.12.18 15:34:36 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Programfiler\Analog Devices\Core\smax4pnp.exe
PRC - [2006.08.17 11:32:10 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006.08.17 11:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006.08.17 11:28:14 | 000,729,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006.01.19 16:21:42 | 000,684,032 | ---- | M] (JensenScandinavia) -- C:\Programfiler\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\WINXP\AWU.exe


========== Modules (SafeList) ==========

MOD - [2010.09.27 17:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
MOD - [2009.07.20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\SetPoint\lgscroll.dll
MOD - [2009.07.12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2007.08.22 14:35:30 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006.08.17 11:32:04 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004.08.04 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programfiler\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010.07.18 18:39:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programfiler\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programfiler\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009.08.07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programfiler\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.14 21:29:11 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.01.16 12:21:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.01 11:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.02.10 15:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007.02.10 15:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.10.14 12:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\o1394bul.sys -- (o1394bul)
DRV - [2010.07.18 18:39:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.18 18:39:25 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.03 09:51:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.01.25 14:56:26 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008.05.28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008.05.28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007.08.22 14:37:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2007.08.22 14:36:58 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2007.08.22 14:36:58 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2007.08.15 10:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.07.12 17:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.16 03:09:06 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007.01.04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.10.30 11:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006.08.17 11:23:00 | 000,340,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006.08.17 11:17:12 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006.08.17 11:17:10 | 000,500,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006.08.17 11:16:32 | 001,110,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006.08.17 11:15:00 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006.08.17 11:14:42 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006.08.17 11:14:38 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006.08.17 11:14:24 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006.06.16 09:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006.03.17 11:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006.02.07 19:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.08.17 15:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005.08.17 09:39:00 | 000,163,840 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2005.06.08 19:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/?mkt=nb-no [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/?mkt=nb-no [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.no/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""
FF - user.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programfiler\AVG\AVG9\Firefox [2010.09.24 08:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2010.09.27 00:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2010.09.21 16:24:22 | 000,000,000 | ---D | M]

[2008.06.20 15:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Extensions
[2010.09.27 00:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions
[2010.03.27 15:28:03 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.04.27 23:28:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.02 19:52:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.27 00:11:26 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.08.27 18:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009.09.24 07:38:34 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010.09.27 00:11:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.03.14 16:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\[email protected]
[2010.02.01 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\[email protected]
[2010.09.10 18:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\[email protected]
[2010.09.27 00:13:16 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions
[2007.11.08 16:02:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programfiler\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.07 17:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 14:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007.12.05 07:13:55 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions\[email protected]
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.01.18 00:00:17 | 000,390,512 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\plugins\npoctoshape.dll
[2010.06.25 21:01:47 | 000,001,525 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.06.25 21:01:47 | 000,000,955 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.06.25 21:01:47 | 000,000,968 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.06.25 21:01:47 | 000,001,203 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.06.25 21:01:47 | 000,001,176 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.06.25 21:01:47 | 000,001,192 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2010.04.30 14:56:09 | 000,001,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Telenor Telenorhjelpen Plugin) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll (Telenor)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programfiler\Fellesfiler\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programfiler\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [rundll32] C:\WINDOWS\System32\ntdevice.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svchost] C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Telenorhjelpen] C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe (Telenor)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Programfiler\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\Espen og Tia\userinit.exe File not found
O4 - HKCU..\Run: [Steam] C:\Programfiler\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Jensen AirLink 7554 Wlan Utility.lnk = C:\Programfiler\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\WINXP\AWU.exe (JensenScandinavia)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Espen og Tia\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\dwm.exe) - C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Temp\dwm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Åpne i ny forgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celarte...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.67.15.198 193.213.112.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\ntdevice.exe) - C:\WINDOWS\System32\ntdevice.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe) - C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\__c001B609: DllName - C:\WINDOWS\system32\__c001B609.dat - C:\WINDOWS\System32\__c001B609.dat File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll - c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.21 19:50:00 | 000,000,093 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.03.27 06:03:00 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{68ce571f-3f9e-11dd-8b08-001bfcce5369}\Shell - "" = AutoRun
O33 - MountPoints2\{68ce571f-3f9e-11dd-8b08-001bfcce5369}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027075282206720)

========== Files/Folders - Created Within 90 Days ==========

[2010.09.27 17:29:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
[2010.09.26 23:59:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Espen og Tia\Siste
[2010.09.26 23:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\IObit
[2010.09.21 16:23:55 | 000,000,000 | ---D | C] -- C:\Programfiler\QuickTime
[2010.09.15 21:13:39 | 000,000,000 | ---D | C] -- C:\f5edf9d26d3beecfb9495daf5b7e
[2010.09.03 23:41:25 | 000,000,000 | ---D | C] -- C:\Programfiler\iPod
[2010.08.28 14:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Skrivebord\Installeringsprogram for Adobe 9 Reader
[2010.08.26 14:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\TIL OPPGRADER AT GMAIL DOT COM
[2010.08.24 22:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Logitech
[2010.08.24 22:36:56 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Remote Control Software Common
[2010.08.24 22:36:46 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Remote Control USB Driver
[2010.08.14 18:55:31 | 000,000,000 | ---D | C] -- C:\Programfiler\PC Connectivity Solution
[2010.08.14 18:52:46 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010.08.14 18:52:45 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010.08.14 18:52:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010.08.14 18:52:44 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010.08.14 18:52:44 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010.08.14 16:20:06 | 000,000,000 | ---D | C] -- C:\Programfiler\Bonjour
[2010.08.14 06:34:10 | 000,000,000 | ---D | C] -- C:\Programfiler\Table Tennis Pro V2 Lite
[2010.08.13 04:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Skrivebord\Render
[2010.08.13 03:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\IMx3SEVer6
[2010.08.12 20:17:01 | 000,000,000 | ---D | C] -- C:\Programfiler\PIXELA
[2010.08.12 20:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\ZoomBrowser
[2010.08.12 20:13:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Canon
[2010.07.31 13:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Skrivebord\Dubaifilm
[2010.07.18 18:39:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2007.11.07 20:52:04 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 90 Days ==========

[2010.09.27 17:29:56 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Espen og Tia\NTUSER.DAT
[2010.09.27 17:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
[2010.09.27 17:22:42 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.09.27 17:21:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.27 17:21:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.27 17:21:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.27 17:21:21 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.27 17:20:23 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2010.09.27 17:20:23 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2010.09.27 17:20:23 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2010.09.27 17:20:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.09.27 17:20:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.09.27 17:20:06 | 021,990,614 | -H-- | M] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\IconCache.db
[2010.09.27 15:46:04 | 065,362,881 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.09.27 02:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SMURF-Espen og Tia.job
[2010.09.26 22:54:47 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Espen og Tia\ntuser.ini
[2010.09.26 16:23:50 | 000,013,348 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\BETALING FOR INNESESONG.ods
[2010.09.26 13:56:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.26 13:56:13 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.26 12:10:20 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\PCLECHAL.INI
[2010.09.23 01:58:48 | 000,010,993 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\kontakter
[2010.09.21 15:43:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.20 22:02:01 | 102,661,352 | ---- | M] () -- C:\backup.dpb
[2010.09.19 16:27:32 | 000,493,554 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2010.09.19 16:27:32 | 000,490,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.19 16:27:32 | 000,098,708 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2010.09.19 16:27:31 | 000,089,818 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.19 16:27:28 | 001,188,418 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.11 10:06:33 | 000,029,167 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper2.pdf
[2010.09.11 10:06:26 | 000,009,998 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.odt
[2010.09.10 19:05:36 | 000,096,064 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\skattekart.jpg
[2010.09.10 18:17:21 | 002,571,478 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal2.bmp
[2010.09.10 18:14:13 | 001,499,050 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal.bmp
[2010.09.09 18:28:52 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Operasjon Jungeldyr.doc
[2010.09.08 21:58:24 | 000,028,394 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.pdf
[2010.09.08 21:57:27 | 000,028,394 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\lapper.pdf
[2010.09.07 19:53:47 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\EA Download Manager.lnk
[2010.09.01 21:12:47 | 101,836,377 | ---- | M] () -- C:\backup.dpb.bak
[2010.08.24 22:37:28 | 000,001,989 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Logitech Harmony Remote Software 7.lnk
[2010.08.15 19:03:02 | 008,595,174 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Programdata\NMM-MetaData.db
[2010.08.14 18:56:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.14 18:56:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.13 04:59:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2010.08.12 20:21:23 | 000,002,094 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6 Programvareguide.lnk
[2010.08.12 20:20:54 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Player Ver.6.lnk
[2010.08.12 20:17:24 | 000,000,243 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\PIXELA produktregistrering.url
[2010.08.12 20:17:24 | 000,000,243 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Hjemmesiden til ImageMixer 3 SE.url
[2010.08.12 20:17:01 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6.lnk
[2010.08.12 20:15:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\CANON iMAGE GATEWAY Registration Guide.lnk
[2010.08.12 20:14:12 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ZoomBrowser EX.lnk
[2010.08.08 14:52:26 | 003,629,569 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Norway_Final_Guerilla.wmv
[2010.08.04 23:51:25 | 000,010,413 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\images.jpg
[2010.07.18 18:39:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.18 18:39:30 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.18 18:39:25 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010.09.23 01:58:48 | 000,010,993 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\kontakter
[2010.09.11 10:06:33 | 000,029,167 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper2.pdf
[2010.09.10 19:05:29 | 000,096,064 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\skattekart.jpg
[2010.09.10 18:17:21 | 002,571,478 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal2.bmp
[2010.09.10 18:14:13 | 001,499,050 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal.bmp
[2010.09.09 18:28:50 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Operasjon Jungeldyr.doc
[2010.09.08 22:01:39 | 000,009,998 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.odt
[2010.09.08 21:58:24 | 000,028,394 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.pdf
[2010.09.08 21:57:27 | 000,028,394 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\lapper.pdf
[2010.09.07 19:53:47 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\EA Download Manager.lnk
[2010.08.24 22:37:28 | 000,001,989 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Logitech Harmony Remote Software 7.lnk
[2010.08.14 18:56:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.14 18:56:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.12 20:20:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Player Ver.6.lnk
[2010.08.12 20:17:29 | 000,002,094 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6 Programvareguide.lnk
[2010.08.12 20:17:24 | 000,000,243 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\PIXELA produktregistrering.url
[2010.08.12 20:17:24 | 000,000,243 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Hjemmesiden til ImageMixer 3 SE.url
[2010.08.12 20:17:01 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6.lnk
[2010.08.12 20:15:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\CANON iMAGE GATEWAY Registration Guide.lnk
[2010.08.12 20:14:12 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ZoomBrowser EX.lnk
[2010.08.08 14:52:26 | 003,629,569 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Norway_Final_Guerilla.wmv
[2010.08.04 23:51:23 | 000,010,413 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\images.jpg
[2009.11.09 19:11:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.11.09 00:46:52 | 000,007,060 | R--- | C] () -- C:\WINDOWS\System32\setparam.ini
[2009.11.09 00:46:52 | 000,007,060 | R--- | C] () -- C:\WINDOWS\setparam.ini
[2009.11.09 00:46:52 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2009.09.08 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009.08.21 19:26:00 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.08.21 19:26:00 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\PnkBstrK.sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.06.24 17:53:49 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\setup.log
[2009.06.24 17:53:36 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\setup_ldm.iss
[2009.04.16 17:17:00 | 008,595,174 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\NMM-MetaData.db
[2008.11.13 08:32:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.01.24 16:49:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008.01.24 16:49:33 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008.01.22 14:08:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2008.01.22 13:53:42 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\__FileUploader.log
[2008.01.21 20:34:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008.01.21 19:52:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\fusioncache.dat
[2008.01.21 19:50:00 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.01.21 19:50:00 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.01.21 19:50:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.01.21 19:50:00 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.01.21 19:50:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007.12.05 07:13:53 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2007.11.20 00:31:15 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.11.19 21:54:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.19 17:15:29 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.13 21:57:21 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\QTSBandwidthCache
[2007.11.07 20:52:12 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.11.07 20:52:11 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.11.07 20:52:04 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2007.11.07 20:52:04 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2007.11.07 20:52:03 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007.11.07 20:52:02 | 000,087,403 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007.11.07 20:52:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.11.07 11:39:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2010.09.27 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\avg9
[2010.02.08 17:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2009.11.08 20:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Emotum
[2010.08.14 18:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Installations
[2010.09.26 23:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\IObit
[2008.11.02 00:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\MumboJumbo
[2007.11.18 00:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\OLYMPUS
[2009.09.21 00:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PC Suite
[2008.01.21 19:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Pinnacle
[2008.01.21 19:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Pinnacle Studio
[2010.06.26 17:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\regid.1986-12.com.adobe
[2009.10.14 21:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Sports Interactive
[2009.11.08 20:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Telenor
[2008.09.29 19:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\TEMP
[2010.01.04 20:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\VIZ_MPS
[2007.11.07 12:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.05.16 19:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.27 19:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.05.12 15:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.09.08 20:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Canon
[2007.11.19 22:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\DeepBurner
[2010.06.11 22:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Facebook
[2008.01.04 21:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\gtk-2.0
[2009.12.26 19:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\IObit
[2010.08.30 21:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Microgaming
[2009.11.23 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\My Games
[2009.04.16 17:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Nokia
[2008.11.07 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\OpenOffice.org
[2007.11.09 19:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Opera
[2009.04.05 19:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\PC Suite
[2008.01.21 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\proDAD
[2008.08.18 19:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\SPORE Creature Creator
[2009.10.31 02:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Sports Interactive
[2010.09.26 16:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Spotify
[2010.09.26 21:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%*.* >
[2004.08.04 14:00:00 | 000,260,272 | ---- | M] () -- C:\$LDR$
[2008.01.21 20:28:27 | 000,898,831 | ---- | M] () -- C:\adorage-protocol.txt
[2008.01.21 19:50:00 | 000,000,093 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.09.20 22:02:01 | 102,661,352 | ---- | M] () -- C:\backup.dpb
[2010.09.01 21:12:47 | 101,836,377 | ---- | M] () -- C:\backup.dpb.bak
[2007.11.08 15:41:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004.08.04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2007.11.07 12:05:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.09.27 17:21:21 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 12:05:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.11.07 12:05:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004.08.04 14:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2007.01.11 19:17:36 | 000,065,536 | ---- | M] (Getronics Belux) -- C:\OemPnPDriversPathCreator.exe
[2010.09.27 17:21:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007.11.07 11:37:32 | 000,012,922 | ---- | M] () -- C:\Report.txt
[2007.11.07 12:12:11 | 000,000,580 | ---- | M] () -- C:\RHDSetup.log
[2007.08.22 14:37:05 | 000,473,509 | ---- | M] () -- C:\txtsetup.sif
[2008.08.11 20:36:12 | 000,000,156 | ---- | M] () -- C:\xcrashdump.dat

< %systemroot%system32*.wt >

< %systemroot%system32*.ruy >

< %systemroot%Fonts*.com >

< %systemroot%Fonts*.dll >

< %systemroot%Fonts*.ini >

< %systemroot%Fonts*.ini2 >

< %systemroot%Fonts*.exe >

< %systemroot%system32spoolprtprocsw32x86*.* >

< %systemroot%REPAIR*.bak1 >

< %systemroot%REPAIR*.ini >

< %systemroot%system32*.jpg >

< %systemroot%*.jpg >

< %systemroot%*.png >

< %systemroot%*.scr >
[2009.07.10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%*._sy >

< %APPDATA%AdobeUpdate*.* >

< %ALLUSERSPROFILE%Favorites*.* >

< %APPDATA%Microsoft*.* >

< %PROGRAMFILES%*.* >

< %APPDATA%Update*.* >

< %systemroot%*. /mp /s >

< %systemroot%System32config*.sav >

< %PROGRAMFILES%|bak;true;false;false /fp >
[2007.11.07 12:03:49 | 000,000,000 | ---D | M] -- C:\Programfiler\Fellesfiler\Microsoft Shared\Meldingsbakgrunn
[2008.01.21 19:52:49 | 000,000,000 | ---D | M] -- C:\Programfiler\Pinnacle\Studio 11\Sound Effects\Bakgrunn

< %systemroot%system32|bak;true;false;false /fp >
[2008.09.06 08:20:06 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\CatRoot_bak

< %ALLUSERSPROFILE%Start Menu*.lnk /x >
[2007.11.08 15:41:45 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2007.11.19 21:47:50 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

< %systemroot%system32configsystemprofile*.dat /x >
[2010.09.27 17:21:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\0.log
[2005.05.03 18:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2006.05.04 16:26:36 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2004.08.04 14:00:00 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Blå tapet 16.bmp
[2004.08.04 14:00:00 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Bobler.bmp
[2010.09.27 17:21:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2004.08.04 14:00:00 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi
[2007.11.07 12:05:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2006.08.17 11:31:42 | 000,010,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTDCRES.DLL
[2004.06.25 10:47:10 | 003,377,466 | ---- | M] () -- C:\WINDOWS\CTDV10K1.CDF
[2001.11.15 15:25:52 | 003,735,544 | ---- | M] () -- C:\WINDOWS\CTDV10K2.CDF
[2005.01.03 12:18:12 | 004,958,588 | ---- | M] () -- C:\WINDOWS\CTDVAUDY.CDF
[2006.08.17 11:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2004.08.04 14:00:00 | 000,000,002 | ---- | M] () -- C:\WINDOWS\desktop.ini
[2007.08.22 14:33:26 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2004.08.04 14:00:00 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2005.12.02 12:46:40 | 000,000,084 | ---- | M] () -- C:\WINDOWS\filespec7x
[2004.08.04 14:00:00 | 000,016,730 | ---- | M] () -- C:\WINDOWS\Fjær.bmp
[2004.08.04 14:00:00 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Fluefisker.bmp
[2007.08.22 14:33:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2007.11.07 12:11:34 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2006.08.17 11:33:40 | 000,011,776 | ---- | M] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL
[1998.10.29 17:45:06 | 000,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2004.08.04 14:00:00 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Jade.bmp
[2004.08.04 14:00:00 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Kaffekopp.bmp
[2007.06.28 16:44:14 | 002,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2006.08.17 11:10:32 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\MIDIDEF.EXE
[2010.08.13 04:59:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2008.01.20 12:38:20 | 000,001,283 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2004.08.04 14:00:00 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini
[2010.09.26 13:56:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2004.08.04 14:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2007.11.08 16:02:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2007.11.07 12:04:43 | 000,004,249 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.08 19:51:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI
[2004.08.04 14:00:00 | 000,026,680 | ---- | M] () -- C:\WINDOWS\Pastell.bmp
[2009.08.11 17:44:02 | 000,000,059 | ---- | M] () -- C:\WINDOWS\pp.enc
[2006.08.17 11:32:08 | 000,034,304 | ---- | M] () -- C:\WINDOWS\PSCONV.EXE
[2008.04.24 19:33:33 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008.07.12 12:02:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2006.08.17 11:32:16 | 000,035,840 | ---- | M] (Creative Technology Limited) -- C:\WINDOWS\READREG.EXE
[2004.08.04 14:00:00 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2007.11.08 15:31:21 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2004.08.04 14:00:00 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rododendron.bmp
[2004.02.24 14:04:48 | 000,041,219 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\RSETPATH.exe
[2007.09.19 18:14:58 | 016,844,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2007.03.23 19:19:10 | 009,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2007.07.26 17:09:20 | 000,520,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2007.07.26 18:06:22 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2004.08.04 14:00:00 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe.bmp
[2010.09.27 17:20:18 | 000,032,506 | ---- | M] () -- C:\WINDOWS\SchedLgU.Txt
[2005.08.17 09:39:00 | 000,007,060 | R--- | M] () -- C:\WINDOWS\setparam.ini
[2010.09.27 17:20:14 | 000,001,339 | ---- | M] () -- C:\WINDOWS\setupapi.log
[2009.10.18 17:37:58 | 001,025,183 | ---- | M] () -- C:\WINDOWS\setupapi.log.0.old
[2009.10.18 18:20:39 | 001,025,111 | ---- | M] () -- C:\WINDOWS\setupapi.log.1.old
[2009.10.19 22:53:58 | 001,024,101 | ---- | M] () -- C:\WINDOWS\setupapi.log.10.old
[2009.10.19 23:34:06 | 001,024,858 | ---- | M] () -- C:\WINDOWS\setupapi.log.11.old
[2009.10.20 17:18:55 | 001,025,402 | ---- | M] () -- C:\WINDOWS\setupapi.log.12.old
[2009.10.20 17:58:21 | 001,024,739 | ---- | M] () -- C:\WINDOWS\setupapi.log.13.old
[2009.10.20 18:37:05 | 001,025,111 | ---- | M] () -- C:\WINDOWS\setupapi.log.14.old
[2009.10.20 19:15:33 | 001,025,310 | ---- | M] () -- C:\WINDOWS\setupapi.log.15.old
[2009.10.20 19:53:33 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.16.old
[2009.10.21 18:52:44 | 001,024,009 | ---- | M] () -- C:\WINDOWS\setupapi.log.17.old
[2009.10.21 19:34:13 | 001,024,840 | ---- | M] () -- C:\WINDOWS\setupapi.log.18.old
[2009.10.21 20:16:31 | 001,024,858 | ---- | M] () -- C:\WINDOWS\setupapi.log.19.old
[2009.10.18 19:00:06 | 001,024,807 | ---- | M] () -- C:\WINDOWS\setupapi.log.2.old
[2009.10.21 20:58:23 | 001,025,411 | ---- | M] () -- C:\WINDOWS\setupapi.log.20.old
[2009.10.21 21:38:02 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.21.old
[2009.10.21 22:17:53 | 001,024,316 | ---- | M] () -- C:\WINDOWS\setupapi.log.22.old
[2009.10.22 18:01:39 | 001,025,261 | ---- | M] () -- C:\WINDOWS\setupapi.log.23.old
[2009.10.22 22:56:07 | 001,025,181 | ---- | M] () -- C:\WINDOWS\setupapi.log.24.old
[2009.10.22 23:34:47 | 001,025,111 | ---- | M] () -- C:\WINDOWS\setupapi.log.25.old
[2009.10.23 00:12:43 | 001,024,973 | ---- | M] () -- C:\WINDOWS\setupapi.log.26.old
[2009.10.23 00:50:58 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.27.old
[2009.10.23 01:28:29 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.28.old
[2009.10.23 02:06:32 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.29.old
[2009.10.18 19:41:12 | 001,024,202 | ---- | M] () -- C:\WINDOWS\setupapi.log.3.old
[2009.10.23 02:45:13 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.30.old
[2009.10.23 03:23:52 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.31.old
[2009.10.23 04:03:15 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.32.old
[2009.10.23 04:42:07 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.33.old
[2009.10.23 05:21:28 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.34.old
[2009.10.23 06:00:16 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.35.old
[2009.10.23 06:37:33 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.36.old
[2009.10.23 07:15:37 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.37.old
[2009.10.23 07:53:44 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.38.old
[2009.10.23 08:32:33 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.39.old
[2009.10.18 20:22:03 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.4.old
[2009.10.23 09:12:05 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.40.old
[2009.10.23 09:50:42 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.41.old
[2009.10.23 10:28:02 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.42.old
[2009.10.23 11:05:07 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.43.old
[2009.10.23 11:43:34 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.44.old
[2009.10.23 12:23:07 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.45.old
[2009.10.23 13:03:00 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.46.old
[2009.10.23 13:43:46 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.47.old
[2009.10.23 14:23:41 | 001,024,336 | ---- | M] () -- C:\WINDOWS\setupapi.log.48.old
[2009.10.23 15:01:49 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.49.old
[2009.10.18 21:06:07 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.5.old
[2009.10.23 15:41:11 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.50.old
[2009.10.23 16:20:14 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.51.old
[2009.10.23 16:59:31 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.52.old
[2009.10.23 17:40:49 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.53.old
[2009.10.23 18:20:41 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.54.old
[2009.10.23 19:02:53 | 001,024,753 | ---- | M] () -- C:\WINDOWS\setupapi.log.55.old
[2009.10.26 21:23:39 | 001,025,080 | ---- | M] () -- C:\WINDOWS\setupapi.log.56.old
[2009.10.26 22:03:48 | 001,024,772 | ---- | M] () -- C:\WINDOWS\setupapi.log.57.old
[2009.10.26 22:43:03 | 001,024,858 | ---- | M] () -- C:\WINDOWS\setupapi.log.58.old
[2009.10.26 23:22:53 | 001,025,343 | ---- | M] () -- C:\WINDOWS\setupapi.log.59.old
[2009.10.18 21:52:03 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.6.old
[2009.10.27 00:04:06 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.60.old
[2009.10.27 00:45:25 | 001,024,316 | ---- | M] () -- C:\WINDOWS\setupapi.log.61.old
[2009.10.18 22:36:32 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.7.old
[2009.10.18 23:17:15 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.8.old
[2009.10.18 23:55:50 | 001,024,063 | ---- | M] () -- C:\WINDOWS\setupapi.log.9.old
[2007.08.03 13:22:02 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2007.11.07 11:39:22 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2006.07.21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2008.01.08 20:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sti_Trace.log
[2004.08.04 14:00:00 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Storm i vannglass.bmp
[2007.11.07 12:57:12 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2004.08.04 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2004.08.04 14:00:00 | 000,094,800 | ---- | M] (Twain-arbeidsgruppe) -- C:\WINDOWS\twain.dll
[2004.08.04 14:00:00 | 000,050,688 | ---- | M] (Twain-arbeidsgruppe) -- C:\WINDOWS\twain_32.dll
[2004.08.04 14:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2004.08.04 14:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2004.08.04 14:00:00 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Ullteppe.bmp
[1999.03.23 10:12:34 | 000,299,520 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2005.08.30 22:33:38 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroBackItUp.cfg
[2007.03.20 22:22:04 | 000,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroBackItUp.exe
[2005.09.15 15:35:46 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroMediaHome.cfg
[2007.06.01 11:23:46 | 000,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroMediaHome.exe
[2005.08.30 22:37:04 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroShowTime.cfg
[2007.02.28 17:41:02 | 000,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroShowTime.exe
[2005.08.30 22:37:52 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroVision.cfg
[2007.05.15 10:45:14 | 000,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe
[2005.08.30 22:36:38 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNRecode.cfg
[2007.04.23 17:42:50 | 000,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNRecode.exe
[2007.11.07 12:03:22 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2007.11.07 12:03:22 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2004.08.04 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vmmreg32.dll
[2008.04.07 20:25:35 | 000,054,435 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2008.04.07 20:25:31 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2008.04.07 20:25:31 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2010.09.27 17:21:33 | 000,000,159 | ---- | M] () -- C:\WINDOWS\wiadebug.log
[2010.09.27 17:21:28 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wiaservc.log
[2010.01.06 01:23:42 | 000,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2007.11.07 12:04:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.09.27 17:22:25 | 001,673,362 | ---- | M] () -- C:\WINDOWS\WindowsUpdate.log
[2004.08.04 14:00:00 | 000,256,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2004.08.04 14:00:00 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2004.08.04 14:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp
[2004.08.04 14:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp
[2009.07.10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[2001.05.16 02:49:00 | 000,025,269 | ---- | M] () -- C:\WINDOWS\WMPrfAra.prx
[2001.05.16 02:48:00 | 000,000,083 | ---- | M] () -- C:\WINDOWS\WMPrfCHS.prx
[2001.05.16 02:48:00 | 000,000,077 | ---- | M] () -- C:\WINDOWS\WMPrfCHT.prx
[2001.05.16 02:48:00 | 000,018,878 | ---- | M] () -- C:\WINDOWS\wmprfcsy.prx
[2001.05.16 02:48:00 | 000,015,903 | ---- | M] () -- C:\WINDOWS\wmprfdan.prx
[2001.05.16 02:48:00 | 000,017,025 | ---- | M] () -- C:\WINDOWS\WMPrfDeu.prx
[2001.05.16 02:48:00 | 000,027,807 | ---- | M] () -- C:\WINDOWS\wmprfell.prx
[2001.05.16 02:49:00 | 000,017,953 | ---- | M] () -- C:\WINDOWS\wmprfesp.prx
[2001.05.16 02:49:00 | 000,016,265 | ---- | M] () -- C:\WINDOWS\wmprffin.prx
[2001.05.16 02:49:00 | 000,019,437 | ---- | M] () -- C:\WINDOWS\wmprffra.prx
[2001.05.16 02:49:00 | 000,020,481 | ---- | M] () -- C:\WINDOWS\wmprfheb.prx
[2001.05.16 02:49:00 | 000,019,751 | ---- | M] () -- C:\WINDOWS\wmprfhun.prx
[2001.05.16 02:49:00 | 000,017,830 | ---- | M] () -- C:\WINDOWS\wmprfita.prx
[2001.05.16 02:49:00 | 000,020,704 | ---- | M] () -- C:\WINDOWS\WMPrfJpn.prx
[2001.05.16 02:49:00 | 000,017,903 | ---- | M] () -- C:\WINDOWS\WMPrfKor.prx
[2001.05.16 02:49:00 | 000,016,398 | ---- | M] () -- C:\WINDOWS\wmprfnld.prx
[2004.08.04 14:00:00 | 000,033,844 | ---- | M] () -- C:\WINDOWS\wmprfNOR.prx
[2001.05.16 02:49:00 | 000,018,536 | ---- | M] () -- C:\WINDOWS\wmprfplk.prx
[2001.05.16 02:49:00 | 000,017,199 | ---- | M] () -- C:\WINDOWS\wmprfptb.prx
[2001.05.16 02:49:00 | 000,018,422 | ---- | M] () -- C:\WINDOWS\wmprfptg.prx
[2001.05.16 02:49:00 | 000,000,635 | ---- | M] () -- C:\WINDOWS\wmprfrus.prx
[2001.05.16 02:48:00 | 000,020,055 | ---- | M] () -- C:\WINDOWS\wmprfsky.prx
[2001.05.16 02:49:00 | 000,016,814 | ---- | M] () -- C:\WINDOWS\wmprfslv.prx
[2001.05.16 02:49:00 | 000,017,019 | ---- | M] () -- C:\WINDOWS\wmprfsve.prx
[2001.05.16 02:49:00 | 000,016,822 | ---- | M] () -- C:\WINDOWS\wmprftrk.prx
[2009.06.17 20:47:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2004.08.04 14:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif

< %systemroot%*.config >

< %systemroot%system32*.db >

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Skrivebord:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Programdata\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 478 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:05EE1EEF
< End of report >

#4
Iversen

OTL Extras logfile created on: 27.09.2010 17:32:02 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Espen og Tia\Skrivebord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 698,63 Gb Total Space | 506,60 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive D: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMURF
Current User Name: Espen og Tia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programfiler\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programfiler\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programfiler\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programfiler\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programfiler\Windows Live\Messenger\wlcsdk.exe" = C:\Programfiler\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programfiler\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programfiler\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programfiler\uTorrent\uTorrent.exe" = C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programfiler\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe" = C:\Programfiler\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe:*:Enabled:commandos3 -- ()
"C:\Programfiler\mIRC\mirc.exe" = C:\Programfiler\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programfiler\Octoshape Streaming Services\Espen og Tia\OctoshapeClient.exe" = C:\Programfiler\Octoshape Streaming Services\Espen og Tia\OctoshapeClient.exe:*:Enabled:OctoshapeClient -- ()
"C:\Programfiler\Pinnacle\Studio 11\programs\RM.exe" = C:\Programfiler\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Programfiler\Pinnacle\Studio 11\programs\Studio.exe" = C:\Programfiler\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Programfiler\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Programfiler\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Programfiler\Pinnacle\Studio 11\programs\umi.exe" = C:\Programfiler\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Programfiler\Warcraft III\Warcraft III.exe" = C:\Programfiler\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Programfiler\Windows Live\Messenger\wlcsdk.exe" = C:\Programfiler\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programfiler\Steam\steamapps\common\rome total war gold\RomeTW.exe" = C:\Programfiler\Steam\steamapps\common\rome total war gold\RomeTW.exe:*:Enabled:Rome: Total War Gold -- (The Creative Assembly Ltd)
"C:\Programfiler\Steam\steamapps\common\rome total war gold\RomeTW-BI.exe" = C:\Programfiler\Steam\steamapps\common\rome total war gold\RomeTW-BI.exe:*:Enabled:Rome: Total War Gold -- (The Creative Assembly Ltd)
"C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" = C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe:*:Enabled:Telenorhjelpen -- (Telenor)
"C:\Documents and Settings\Espen og Tia\Mine dokumenter\Nedlastinger\Spotify Installer.exe" = C:\Documents and Settings\Espen og Tia\Mine dokumenter\Nedlastinger\Spotify Installer.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Programfiler\Opera\opera.exe" = C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programfiler\Steam\steamapps\common\football manager 2009\fm.exe" = C:\Programfiler\Steam\steamapps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
"C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Programfiler\Steam\steamapps\common\football manager 2010\fm.exe" = C:\Programfiler\Steam\steamapps\common\football manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Programfiler\AVG\AVG9\avgupd.exe" = C:\Programfiler\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programfiler\AVG\AVG9\avgnsx.exe" = C:\Programfiler\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programfiler\Java\jre6\bin\java.exe" = C:\Programfiler\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programfiler\Java\jre6\bin\javaw.exe" = C:\Programfiler\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programfiler\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programfiler\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Programfiler\iTunes\iTunes.exe" = C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{03003C9D-5459-42E9-A6DD-017931ADE65A}" = Smartmenyer (Windows Live Toolbar)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{037E9698-C8E7-44A7-8F04-0234760B7F2D}" = OneCare Advisor (Windows Live Toolbar)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DC2E882-3481-4968-A58E-41D64D42029E}" = Utvidelse for Windows Live Toolbar (Windows Live Toolbar)
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EAC35F4-FF26-4123-9404-0B5B93DAB570}" = Microsoft .NET Framework 1.1 Norwegian Language Pack
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DACFF82-576D-40AE-B392-93D2DA19234D}" = Vizrt Vizky version 1.5.8
"{5FF9BF51-8D22-4311-A5A9-8F2FF8E07DFE}" = Feed-detektor for Windows Live Toolbar (Windows Live Toolbar)
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66EBD70F-A42C-475F-AEDF-277378151044}" = Nero 7 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7E8F9A00-7DEA-48CF-8CDB-EB5B5DF721A1}" = Popup-blokkering (Windows Live Toolbar)
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8709C596-C0B4-415D-9281-AC846B39EA76}" = BIAS SoundSoap PE 2.1.1
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A790D33-7B42-4D82-8695-F912A7E0A94C}" = Telenorhjelpen
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = Skapningsskaperen til SPORE™
"{90120000-0010-0414-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Norwegian (Bokmål)) 12
"{90120000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2007
"{90120000-0015-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
"{90120000-0016-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
"{90120000-0018-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007
"{90120000-0019-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007
"{90120000-001A-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
"{90120000-001B-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
"{90120000-001F-0414-0000-0000000FF1CE}_PROHYBRIDR_{D3413506-02DD-4918-AB8B-A9939A14C2E8}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
"{90120000-001F-0814-0000-0000000FF1CE}_PROHYBRIDR_{1B70EF07-15AB-483B-B7DE-C60584A3F518}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}_PROHYBRIDR_{1F005547-336E-439D-846F-CE37BD507012}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40414-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Webkomponenter
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Drømmejobben
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{a86e0e5c-b53c-4682-918d-968772906072}" = Business Contact Manager for Outlook 2007 SP2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1044-7B44-A93000000001}" = Adobe Reader 9.3 - Norsk
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B965A150-17AB-4EB1-AD98-33149DDBD928}" = Påloggingsassistent for Windows Live
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 Reisefeber
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C833B4B7-BE2D-4B06-8C03-D818D651B41C}" = Vis fliker (Windows Live Toolbar)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio Ultimate
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7656D-79A7-4793-8A8B-22C8BC82AD76}" = OpenOffice.org 3.0
"{CF7C2683-9FBE-4223-84E7-43FED4912CD5}" = Microsoft .NET Framework 2.0 Language Pack - NOR
"{D14AE916-1B38-4AEA-885A-EE77317F9D99}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F36944B7-D2DA-4752-921F-9939BBABB419}" = Jensen AirLink 7554 Wlan Utility
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-driverpakke - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Atomic Clock Sync" = Atomic Clock Sync
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"Centrebet Poker" = Centrebet Poker
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DjVu" = Lizardtech DjVu Control (autoinstall)
"DV CIG Guide" = CANON iMAGE GATEWAY Registration Guide
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FileZilla" = FileZilla (remove only)
"Fraps" = Fraps
"Hitman: Contracts" = Hitman: Contracts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NOR" = Microsoft .NET Framework 2.0 Language Pack - NOR
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Screenshot Utility_is1" = Screenshot Utility version 1.0
"SiS163u" = 802.11g 54 Mbps Wireless USB Dongle
"Spotify" = Spotify
"Steam App 34000" = Football Manager 2010
"Steam App 4760" = Rome: Total War Gold
"SystemRequirementsLab" = System Requirements Lab
"Table Tennis Pro V2 Lite_is1" = Table Tennis Pro V2 Lite (V2.32)
"Telenorhjelpen" = Telenorhjelpen
"Unibet Poker" = Unibet Poker
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Arkiverer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"myVRnpapi" = Sesam Kart 3D NPAPI Viewer
"Octoshape Streaming Services" = Octoshape Streaming Services
"Poster Forge" = Poster Forge 1.01
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.08.2010 13:38:15 | Computer Name = SMURF | Source = crypt32 | ID = 131083
Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil
på: <http://www.download....uthrootstl.cab>
med feil: Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning
mot gjeldende systemklokke eller tidsstempelet i den signerte filen.

Error - 03.09.2010 17:36:33 | Computer Name = SMURF | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (En eksisterende tilkobling ble tvangslukket
av den eksterne verten.)

Error - 03.09.2010 17:36:33 | Computer Name = SMURF | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (En eksisterende tilkobling ble tvangslukket
av den eksterne verten.)

Error - 03.09.2010 17:36:33 | Computer Name = SMURF | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (En eksisterende tilkobling ble tvangslukket
av den eksterne verten.)

Error - 03.09.2010 17:36:33 | Computer Name = SMURF | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (En eksisterende tilkobling ble tvangslukket
av den eksterne verten.)

Error - 03.09.2010 17:36:33 | Computer Name = SMURF | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (En eksisterende tilkobling ble tvangslukket
av den eksterne verten.)

Error - 03.09.2010 17:43:25 | Computer Name = SMURF | Source = MsiInstaller | ID = 10005
Description = Product: Apple Application Support -- A later version of Apple Application
Support is already installed on this computer.

Error - 03.09.2010 17:44:37 | Computer Name = SMURF | Source = MsiInstaller | ID = 10005
Description = Product: Apple Application Support -- A later version of Apple Application
Support is already installed on this computer.

Error - 16.09.2010 17:20:08 | Computer Name = SMURF | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (En eksisterende tilkobling ble tvangslukket
av den eksterne verten.)

Error - 26.09.2010 18:04:39 | Computer Name = SMURF | Source = Application Error | ID = 1000
Description = Feilende program ntdevice.exe, versjon 7.35.7.1, feilende modul shlwapi.dll,
versjon 6.0.2900.3653, feiladresse 0x0001a9f8.

[ System Events ]
Error - 26.09.2010 16:52:05 | Computer Name = SMURF | Source = Service Control Manager | ID = 7034
Description = Tjenesten Canon Camera Access Library 8 stoppet uventet. Dette har
skjedd 1 gang(er).

Error - 26.09.2010 16:52:05 | Computer Name = SMURF | Source = Service Control Manager | ID = 7034
Description = Tjenesten SeaPort stoppet uventet. Dette har skjedd 1 gang(er).

Error - 26.09.2010 16:52:07 | Computer Name = SMURF | Source = Service Control Manager | ID = 7034
Description = Tjenesten ServiceLayer stoppet uventet. Dette har skjedd 1 gang(er).

Error - 26.09.2010 16:52:07 | Computer Name = SMURF | Source = Service Control Manager | ID = 7034
Description = Tjenesten NMIndexingService stoppet uventet. Dette har skjedd 1 gang(er).

Error - 26.09.2010 16:52:08 | Computer Name = SMURF | Source = Service Control Manager | ID = 7034
Description = Tjenesten iPod-tjeneste stoppet uventet. Dette har skjedd 1 gang(er).

Error - 26.09.2010 16:52:09 | Computer Name = SMURF | Source = Service Control Manager | ID = 7031
Description = Tjenesten AVG Free WatchDog ble uventet avbrutt. Den har gjort dette
1 gang(er). Følgende korrigerende handling vil bli utført om 0 millisekunder: Start
tjenesten på nytt.

Error - 26.09.2010 16:56:07 | Computer Name = SMURF | Source = SCardSvr | ID = 602
Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
finner ikke angitt bane.

Error - 26.09.2010 17:02:47 | Computer Name = SMURF | Source = SCardSvr | ID = 602
Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
finner ikke angitt bane.

Error - 26.09.2010 18:03:52 | Computer Name = SMURF | Source = SCardSvr | ID = 602
Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
finner ikke angitt bane.

Error - 27.09.2010 11:21:26 | Computer Name = SMURF | Source = SCardSvr | ID = 602
Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
finner ikke angitt bane.


< End of report >

#5
Iversen
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-27 21:02:40
Windows 5.1.2600 Service Pack 2
Running: z5xqbflj.exe; Driver: C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\kxtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BA1380, 0x566445, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB43AFA00]

---- User code sections - GMER 1.0.15 ----

? C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe[1308] IMAGE_DOS_SIGNATURE not found;

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe[1308] @ C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe [KERNEL32.DLL!lstrcmpA] 335E5FFF
IAT C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe[1308] @ C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe [KERNEL32.DLL!VirtualAlloc] 05E85BCD
IAT C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe[1308] @ C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe [KERNEL32.DLL!lstrlenA] C9000038
IAT C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe[1308] @ C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe [KERNEL32.DLL!GetProcAddress] EC8B55C3
IAT C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe[1308] @ C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe [KERNEL32.DLL!LoadLibraryA] 5314EC83

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

#6
Iversen
Ok, hope I did things the right way. :D The three logs are posted.

Also, thanks for the warm welcome, I really appreciate it!

(I suppose being redirected to porn and gambling sites is caused by this virus, btw?)

Edited by Iversen, 27 September 2010 - 01:53 PM.


#7
maliprog
Hi Iversen,

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\o1394bul.sys -- (o1394bul)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O4 - HKLM..\Run: [rundll32] C:\WINDOWS\System32\ntdevice.exe File not found
    O4 - HKLM..\Run: [svchost] C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe ()
    O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\Espen og Tia\userinit.exe File not found
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\dwm.exe) - C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Temp\dwm.exe ()
    O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\ntdevice.exe) - C:\WINDOWS\System32\ntdevice.exe File not found
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe) - C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe ()
    O20 - Winlogon\Notify\__c001B609: DllName - C:\WINDOWS\system32\__c001B609.dat - C:\WINDOWS\System32\__c001B609.dat File not found

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.
Step 2


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3


  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Please make sure you include the following items:

  • OTL fix log
  • Malwarebytes log
  • New OTL log
It would be helpful if you could post each log in a separate post.
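The custom-fix lines in the post above each point at an autostart or proxy setting. As an added example (not part of the original post, and not OTL's own logic), this sketch shows the defender-side checks that would flag those same lines during log triage. The rule names, the `triage` and `flagged` functions, and the short `SYSTEM_NAMES` list are assumptions made for the illustration.

```python
import ntpath
import re

# The eleven custom-fix lines from the post above, copied verbatim.
OTL_LINES = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\o1394bul.sys -- (o1394bul)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O4 - HKLM..\Run: [rundll32] C:\WINDOWS\System32\ntdevice.exe File not found
O4 - HKLM..\Run: [svchost] C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe ()
O4 - HKCU..\Run: [rundll32] C:\Documents and Settings\Espen og Tia\userinit.exe File not found
F3 - HKCU WinNT: Load - (C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\dwm.exe) - C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Temp\dwm.exe ()
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\ntdevice.exe) - C:\WINDOWS\System32\ntdevice.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe) - C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe ()
O20 - Winlogon\Notify\__c001B609: DllName - C:\WINDOWS\system32\__c001B609.dat - C:\WINDOWS\System32\__c001B609.dat File not found
""".strip().splitlines()

# Assumption: a short illustrative list of Windows process names that
# legitimately live in system32 (explorer.exe is handled by the Shell rule).
SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "dwm.exe", "rundll32.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# First drive-letter path on the line that ends in a binary-like extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|dat)\b", re.I)


def triage(line):
    """Return the list of rule names that fire for one OTL log line."""
    findings = []
    kind = line.split(" - ", 1)[0]
    match = PATH_RE.search(line)
    path = match.group(0).lower() if match else ""
    folder, name = ntpath.split(path)

    # The Winlogon Shell value normally names Explorer.exe.
    if "Winlogon: Shell" in line and name != "explorer.exe":
        findings.append("shell-hijack")
    # Winlogon Notify packages are DLLs; another extension is unusual.
    if "Winlogon\\Notify" in line and not name.endswith(".dll"):
        findings.append("notify-non-dll")
    # A system process name started from anywhere but system32.
    if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
        findings.append("system-name-outside-system32")
    # Drivers and autostarts loaded from a Temp directory.
    if "\\temp\\" in path:
        findings.append("runs-from-temp")
    # Run value named after a system binary but launching something else.
    if kind == "O4":
        value = re.search(r"\[([^\]]+)\]", line)
        claimed = value.group(1).lower() + ".exe" if value else ""
        if claimed in SYSTEM_NAMES and claimed != name:
            findings.append("name-mismatch")
    # Browser traffic routed through a listener on the local machine.
    if "ProxyServer" in line and re.search(r"127\.0\.0\.1|localhost", line, re.I):
        findings.append("loopback-proxy")
    return findings


def flagged(lines):
    """Pair every line that triggers at least one rule with its findings."""
    return [(line, hits) for line in lines if (hits := triage(line))]


if __name__ == "__main__":
    for line, hits in flagged(OTL_LINES):
        print(", ".join(hits), "<-", line)
```
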

#8
Iversen
Ok, log time:

All processes killed
========== OTL ==========
Service o1394bul stopped successfully!
Service o1394bul deleted successfully!
File C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\o1394bul.sys not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\svchost.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32 deleted successfully.
C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Temp\dwm.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\ESPENO~1\LOKALE~1\Temp\dwm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\WINDOWS\system32\ntdevice.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe deleted successfully.
C:\Documents and Settings\Espen og Tia\Programdata\Microsoft\Windows\shell.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001B609\ deleted successfully.
Invalid CLSID key: __c001B609
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Espen og Tia
->Temp folder emptied: 75115 bytes
->Temporary Internet Files folder emptied: 38649003 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96490088 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6012 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Espen og Tia
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 09282010_081455

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#9
Iversen

  • Topic Starter
  • Member
  • 13 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4708

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

28.09.2010 08:27:09
mbam-log-2010-09-28 (08-27-09).txt

Scan type: Quick scan
Objects scanned: 158359
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\adver_id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,c:\documents,and,settings\espen,og,tia\programdata\microsoft\windows\shell.exe,) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
Iversen

  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 28.09.2010 08:31:59 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Espen og Tia\Skrivebord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 698,63 Gb Total Space | 506,71 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
Drive D: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMURF
Current User Name: Espen og Tia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.09.27 17:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
PRC - [2010.09.24 08:05:29 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgnsx.exe
PRC - [2010.08.28 14:16:27 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programfiler\Steam\Steam.exe
PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.07.18 18:39:32 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgtray.exe
PRC - [2010.07.18 18:39:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgrsx.exe
PRC - [2010.07.18 18:39:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.18 18:39:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgchsvx.exe
PRC - [2010.07.18 18:39:25 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgcsrvx.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
PRC - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Programfiler\Canon\CAL\CALMAIN.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Contacts\wlcomm.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.08.14 21:29:11 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.01.16 12:21:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.08.22 14:33:26 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 11:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
PRC - [2007.06.01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007.03.23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006.12.18 15:34:36 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Programfiler\Analog Devices\Core\smax4pnp.exe
PRC - [2006.08.17 11:32:10 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006.08.17 11:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006.08.17 11:28:14 | 000,729,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006.01.19 16:21:42 | 000,684,032 | ---- | M] (JensenScandinavia) -- C:\Programfiler\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\WINXP\AWU.exe


========== Modules (SafeList) ==========

MOD - [2010.09.27 17:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
MOD - [2009.07.20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\SetPoint\lgscroll.dll
MOD - [2009.07.12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2007.08.22 14:35:30 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006.08.17 11:32:04 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004.08.04 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programfiler\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010.07.18 18:39:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programfiler\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programfiler\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009.08.07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programfiler\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.14 21:29:11 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.01.16 12:21:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.01 11:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.02.10 15:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007.02.10 15:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.10.14 12:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - [2010.07.18 18:39:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.18 18:39:25 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.03 09:51:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.01.25 14:56:26 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008.05.28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008.05.28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007.08.22 14:37:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2007.08.22 14:36:58 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2007.08.22 14:36:58 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2007.08.15 10:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.07.12 17:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.16 03:09:06 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007.01.04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.10.30 11:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006.08.17 11:23:00 | 000,340,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006.08.17 11:17:12 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006.08.17 11:17:10 | 000,500,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006.08.17 11:16:32 | 001,110,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006.08.17 11:15:00 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006.08.17 11:14:42 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006.08.17 11:14:38 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006.08.17 11:14:24 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006.06.16 09:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006.03.17 11:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006.02.07 19:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.08.17 15:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005.08.17 09:39:00 | 000,163,840 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2005.06.08 19:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/?mkt=nb-no [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/?mkt=nb-no [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.no/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""
FF - user.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programfiler\AVG\AVG9\Firefox [2010.09.24 08:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2010.09.27 00:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2010.09.21 16:24:22 | 000,000,000 | ---D | M]

[2008.06.20 15:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Extensions
[2010.09.27 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions
[2010.03.27 15:28:03 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.04.27 23:28:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.02 19:52:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.27 00:11:26 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.08.27 18:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009.09.24 07:38:34 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010.09.27 00:11:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.03.14 16:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\[email protected]
[2010.02.01 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\[email protected]
[2010.09.10 18:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Mozilla\Firefox\Profiles\glr0r90n.default\extensions\[email protected]
[2010.09.27 21:20:18 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions
[2007.11.08 16:02:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programfiler\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.07 17:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 14:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007.12.05 07:13:55 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions\[email protected]
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.01.18 00:00:17 | 000,390,512 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\plugins\npoctoshape.dll
[2010.06.25 21:01:47 | 000,001,525 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.06.25 21:01:47 | 000,000,955 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.06.25 21:01:47 | 000,000,968 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.06.25 21:01:47 | 000,001,203 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.06.25 21:01:47 | 000,001,176 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.06.25 21:01:47 | 000,001,192 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2010.09.28 08:15:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Telenor Telenorhjelpen Plugin) - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll (Telenor)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programfiler\Fellesfiler\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programfiler\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Telenorhjelpen] C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe (Telenor)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Programfiler\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Programfiler\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Jensen AirLink 7554 Wlan Utility.lnk = C:\Programfiler\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\WINXP\AWU.exe (JensenScandinavia)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Åpne i ny forgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celarte...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.67.15.198 193.213.112.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll - c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.21 19:50:00 | 000,000,093 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.03.27 06:03:00 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{68ce571f-3f9e-11dd-8b08-001bfcce5369}\Shell - "" = AutoRun
O33 - MountPoints2\{68ce571f-3f9e-11dd-8b08-001bfcce5369}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.09.28 08:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Programdata\Malwarebytes
[2010.09.28 08:21:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.28 08:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes
[2010.09.28 08:21:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.28 08:21:28 | 000,000,000 | ---D | C] -- C:\Programfiler\Malwarebytes' Anti-Malware
[2010.09.28 08:20:28 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Espen og Tia\Skrivebord\mbam-setup-1.46.exe
[2010.09.28 08:14:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.27 17:29:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
[2010.09.26 23:59:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Espen og Tia\Siste
[2010.09.26 23:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\IObit
[2010.09.21 16:23:55 | 000,000,000 | ---D | C] -- C:\Programfiler\QuickTime
[2010.09.15 21:13:39 | 000,000,000 | ---D | C] -- C:\f5edf9d26d3beecfb9495daf5b7e
[2010.09.03 23:41:25 | 000,000,000 | ---D | C] -- C:\Programfiler\iPod
[2010.08.28 14:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Skrivebord\Installeringsprogram for Adobe 9 Reader
[2010.08.26 14:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\TIL OPPGRADER AT GMAIL DOT COM
[2010.08.24 22:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Logitech
[2010.08.24 22:36:56 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Remote Control Software Common
[2010.08.24 22:36:46 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Remote Control USB Driver
[2010.08.14 18:55:31 | 000,000,000 | ---D | C] -- C:\Programfiler\PC Connectivity Solution
[2010.08.14 18:52:46 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010.08.14 18:52:45 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010.08.14 18:52:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010.08.14 18:52:44 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010.08.14 18:52:44 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010.08.14 16:20:06 | 000,000,000 | ---D | C] -- C:\Programfiler\Bonjour
[2010.08.14 06:34:10 | 000,000,000 | ---D | C] -- C:\Programfiler\Table Tennis Pro V2 Lite
[2010.08.13 04:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Skrivebord\Render
[2010.08.13 03:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\IMx3SEVer6
[2010.08.12 20:17:01 | 000,000,000 | ---D | C] -- C:\Programfiler\PIXELA
[2010.08.12 20:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\ZoomBrowser
[2010.08.12 20:13:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Canon
[2010.07.31 13:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Espen og Tia\Skrivebord\Dubaifilm
[2010.07.18 18:39:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2007.11.07 20:52:04 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 90 Days ==========

[2010.09.28 08:29:42 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.09.28 08:29:36 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.28 08:29:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 08:29:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 08:29:10 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 08:28:14 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Espen og Tia\NTUSER.DAT
[2010.09.28 08:28:13 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2010.09.28 08:28:13 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2010.09.28 08:28:13 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2010.09.28 08:28:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.09.28 08:28:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.09.28 08:27:56 | 021,991,918 | -H-- | M] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\IconCache.db
[2010.09.28 08:21:32 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2010.09.28 08:20:37 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Espen og Tia\Skrivebord\mbam-setup-1.46.exe
[2010.09.28 08:15:44 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Espen og Tia\ntuser.ini
[2010.09.28 08:15:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.09.28 02:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SMURF-Espen og Tia.job
[2010.09.27 17:38:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\z5xqbflj.exe
[2010.09.27 17:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Espen og Tia\Skrivebord\OTL.scr
[2010.09.27 15:46:04 | 065,362,881 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.09.26 16:23:50 | 000,013,348 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\BETALING FOR INNESESONG.ods
[2010.09.26 13:56:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.26 13:56:13 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.26 12:10:20 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenter\PCLECHAL.INI
[2010.09.23 01:58:48 | 000,010,993 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\kontakter
[2010.09.21 15:43:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.20 22:02:01 | 102,661,352 | ---- | M] () -- C:\backup.dpb
[2010.09.19 16:27:32 | 000,493,554 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2010.09.19 16:27:32 | 000,490,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.19 16:27:32 | 000,098,708 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2010.09.19 16:27:31 | 000,089,818 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.19 16:27:28 | 001,188,418 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.11 10:06:33 | 000,029,167 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper2.pdf
[2010.09.11 10:06:26 | 000,009,998 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.odt
[2010.09.10 19:05:36 | 000,096,064 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\skattekart.jpg
[2010.09.10 18:17:21 | 002,571,478 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal2.bmp
[2010.09.10 18:14:13 | 001,499,050 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal.bmp
[2010.09.09 18:28:52 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Operasjon Jungeldyr.doc
[2010.09.08 21:58:24 | 000,028,394 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.pdf
[2010.09.08 21:57:27 | 000,028,394 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\lapper.pdf
[2010.09.07 19:53:47 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\EA Download Manager.lnk
[2010.09.01 21:12:47 | 101,836,377 | ---- | M] () -- C:\backup.dpb.bak
[2010.08.24 22:37:28 | 000,001,989 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Logitech Harmony Remote Software 7.lnk
[2010.08.15 19:03:02 | 008,595,174 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Programdata\NMM-MetaData.db
[2010.08.14 18:56:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.14 18:56:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.13 04:59:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2010.08.12 20:21:23 | 000,002,094 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6 Programvareguide.lnk
[2010.08.12 20:20:54 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Player Ver.6.lnk
[2010.08.12 20:17:24 | 000,000,243 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\PIXELA produktregistrering.url
[2010.08.12 20:17:24 | 000,000,243 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Hjemmesiden til ImageMixer 3 SE.url
[2010.08.12 20:17:01 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6.lnk
[2010.08.12 20:15:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\CANON iMAGE GATEWAY Registration Guide.lnk
[2010.08.12 20:14:12 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ZoomBrowser EX.lnk
[2010.08.08 14:52:26 | 003,629,569 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Norway_Final_Guerilla.wmv
[2010.08.04 23:51:25 | 000,010,413 | ---- | M] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\images.jpg
[2010.07.18 18:39:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.18 18:39:30 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.18 18:39:25 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010.09.28 08:21:32 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2010.09.27 17:38:57 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\z5xqbflj.exe
[2010.09.23 01:58:48 | 000,010,993 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\kontakter
[2010.09.11 10:06:33 | 000,029,167 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper2.pdf
[2010.09.10 19:05:29 | 000,096,064 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\skattekart.jpg
[2010.09.10 18:17:21 | 002,571,478 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal2.bmp
[2010.09.10 18:14:13 | 001,499,050 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\arendal.bmp
[2010.09.09 18:28:50 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Operasjon Jungeldyr.doc
[2010.09.08 22:01:39 | 000,009,998 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.odt
[2010.09.08 21:58:24 | 000,028,394 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\lapper.pdf
[2010.09.08 21:57:27 | 000,028,394 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Mine dokumenter\lapper.pdf
[2010.09.07 19:53:47 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\EA Download Manager.lnk
[2010.08.24 22:37:28 | 000,001,989 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Logitech Harmony Remote Software 7.lnk
[2010.08.14 18:56:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.14 18:56:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.12 20:20:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Player Ver.6.lnk
[2010.08.12 20:17:29 | 000,002,094 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6 Programvareguide.lnk
[2010.08.12 20:17:24 | 000,000,243 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\PIXELA produktregistrering.url
[2010.08.12 20:17:24 | 000,000,243 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Hjemmesiden til ImageMixer 3 SE.url
[2010.08.12 20:17:01 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ImageMixer 3 SE Ver.6.lnk
[2010.08.12 20:15:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\CANON iMAGE GATEWAY Registration Guide.lnk
[2010.08.12 20:14:12 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ZoomBrowser EX.lnk
[2010.08.08 14:52:26 | 003,629,569 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\Norway_Final_Guerilla.wmv
[2010.08.04 23:51:23 | 000,010,413 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Skrivebord\images.jpg
[2009.11.09 19:11:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.11.09 00:46:52 | 000,007,060 | R--- | C] () -- C:\WINDOWS\System32\setparam.ini
[2009.11.09 00:46:52 | 000,007,060 | R--- | C] () -- C:\WINDOWS\setparam.ini
[2009.11.09 00:46:52 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2009.09.08 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009.08.21 19:26:00 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.08.21 19:26:00 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\PnkBstrK.sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.06.24 17:53:49 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\setup.log
[2009.06.24 17:53:36 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\setup_ldm.iss
[2009.04.16 17:17:00 | 008,595,174 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Programdata\NMM-MetaData.db
[2008.11.13 08:32:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.01.24 16:49:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008.01.24 16:49:33 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008.01.22 14:08:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2008.01.22 13:53:42 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\__FileUploader.log
[2008.01.21 20:34:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008.01.21 19:52:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\fusioncache.dat
[2008.01.21 19:50:00 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.01.21 19:50:00 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.01.21 19:50:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.01.21 19:50:00 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.01.21 19:50:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007.12.05 07:13:53 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2007.11.20 00:31:15 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.11.19 21:54:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.19 17:15:29 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Espen og Tia\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.13 21:57:21 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\QTSBandwidthCache
[2007.11.07 20:52:12 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.11.07 20:52:11 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.11.07 20:52:04 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2007.11.07 20:52:04 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2007.11.07 20:52:03 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007.11.07 20:52:02 | 000,087,403 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007.11.07 20:52:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.11.07 11:39:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2010.09.27 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\avg9
[2010.02.08 17:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2009.11.08 20:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Emotum
[2010.08.14 18:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Installations
[2010.09.26 23:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\IObit
[2008.11.02 00:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\MumboJumbo
[2007.11.18 00:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\OLYMPUS
[2009.09.21 00:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PC Suite
[2008.01.21 19:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Pinnacle
[2008.01.21 19:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Pinnacle Studio
[2010.06.26 17:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\regid.1986-12.com.adobe
[2009.10.14 21:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Sports Interactive
[2009.11.08 20:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Telenor
[2008.09.29 19:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\TEMP
[2010.01.04 20:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\VIZ_MPS
[2007.11.07 12:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.05.16 19:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.27 19:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.05.12 15:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.09.08 20:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Canon
[2007.11.19 22:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\DeepBurner
[2010.06.11 22:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Facebook
[2008.01.04 21:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\gtk-2.0
[2009.12.26 19:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\IObit
[2010.08.30 21:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Microgaming
[2009.11.23 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\My Games
[2009.04.16 17:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Nokia
[2008.11.07 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\OpenOffice.org
[2007.11.09 19:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Opera
[2009.04.05 19:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\PC Suite
[2008.01.21 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\proDAD
[2008.08.18 19:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\SPORE Creature Creator
[2009.10.31 02:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Sports Interactive
[2010.09.26 16:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\Spotify
[2010.09.26 21:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Espen og Tia\Programdata\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Skrivebord:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Programdata\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 478 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:05EE1EEF
< End of report >
  • 0

#11
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Iversen,

How is your system now? Any problems?
  • 0

#12
Iversen


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi!

Had the computer on after doing that last bit, went to work, and upon my return: 8 cases of detected threats... I have attached screenshots of the result.

scan1 is before I tried to remove, scan 2 is after.

Attached Thumbnails

  • scan1.png
  • scan2.png

  • 0

#13
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Iversen,

OK. We will try to fix that too.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Test your system now. Are there any problems?
  • 0

#14
Iversen


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
========== OTL ==========
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.14.1 log created on 09282010_223635
  • 0

#15
Iversen


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have done the last fix; now I'll leave the computer as I go to bed (it's drawing near midnight here) and report back in the morning. :D
  • 0





