Virus: UPS_DOCUMENT.EXE/UPS_DOCUMENT.ZIP


  • This topic is locked

#1
xharks

    Member

  • Member
  • PipPip
  • 17 posts
Hi,

By mistake, I opened and downloaded the file ups_document.exe and I'm now sure that this is a virus.
Now I don't have access to the internet and my files are gone (but I managed to get them back using unhide).

I have scanned with Malwarebytes and Norton, and neither of these could find any threats.

Do any of you know how to get rid of this virus/trojan?

Thanks!


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see what remains first

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
xharks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I tried to scan with OTL and after a while, when the scan is complete, the error "Cannot find the E:/Extras.Txt file. Do you want to create a new file" comes up. The same error comes up for the E:/OTL.Txt file.

:)

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try a different approach

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Then retry OTL for me; there will only be one log this time.

#5
xharks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Got the OTL to work now, here's OTL.Txt:

OTL logfile created on: 13.08.2011 21:46:41 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\.....\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,39% Memory free
4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,49 Gb Total Space | 93,00 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 6,39 Gb Total Space | 1,40 Gb Free Space | 21,84% Space Free | Partition Type: NTFS
Drive K: | 622,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 697,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ....... | User Name: ......... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.13 21:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Downloads\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.26 17:22:02 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011.04.04 10:22:31 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.03.22 16:15:39 | 000,189,824 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
PRC - [2010.12.09 13:45:59 | 000,141,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nsc\Bin\nassvc32.exe
PRC - [2010.12.02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
PRC - [2010.11.30 16:10:46 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2010.11.10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
PRC - [2010.11.10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
PRC - [2010.11.10 09:48:14 | 000,262,247 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nig\Bin\niguser.exe
PRC - [2010.11.08 18:02:27 | 000,315,495 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfuser.exe
PRC - [2010.11.08 18:02:27 | 000,111,912 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
PRC - [2010.11.08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
PRC - [2010.11.08 17:56:34 | 000,336,304 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nig\Bin\nigsvc32.exe
PRC - [2010.11.08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
PRC - [2010.11.08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nvcoas.exe
PRC - [2010.11.08 17:56:34 | 000,182,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nip.exe
PRC - [2010.11.08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
PRC - [2010.11.08 17:56:34 | 000,078,176 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nsc\Bin\NOELauncher.exe
PRC - [2010.11.08 17:56:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\CClaw.exe
PRC - [2010.08.17 11:44:58 | 000,099,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npt\Bin\npsvc32.exe
PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011.08.13 21:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\.......\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.08 17:56:34 | 000,251,240 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Niphk.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.01.12 00:36:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.12.17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010.12.13 17:48:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.09 13:45:59 | 000,141,000 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nsc\bin\nassvc32.exe -- (NASS)
SRV - [2010.12.02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010.11.11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2010.11.10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010.11.10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010.11.08 18:02:27 | 000,111,912 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2010.11.08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2010.11.08 17:56:34 | 000,336,304 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nig\bin\nigsvc32.exe -- (NIG)
SRV - [2010.11.08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npf\bin\npfsvc32.exe -- (NPFSvc32)
SRV - [2010.11.08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010.11.08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010.08.17 11:44:58 | 000,099,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npt\Bin\Npsvc32.exe -- (npsvc32)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011.08.13 10:11:44 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.08.13 10:11:03 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110813.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.13 10:11:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.08.13 10:11:03 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.08.13 10:11:03 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110813.002\NAVENG.SYS -- (NAVENG)
DRV - [2011.08.12 08:32:30 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110812.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011.07.23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010.12.13 18:58:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.11.11 14:01:40 | 000,024,688 | ---- | M] (Norman ASA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt)
DRV - [2010.11.10 15:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010.11.10 15:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010.11.10 15:47:28 | 000,061,472 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Windows\System32\drivers\ale_nf.sys -- (ALE_NF)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 01:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009.12.03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.06.25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.03.03 20:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
IE - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9A 19 3D 6D 9A CB 01 [binary data]
IE - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
IE - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.no"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\.......\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.08.13 10:16:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.08.13 10:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 10:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.04 12:01:18 | 000,000,000 | ---D | M]

[2010.12.13 14:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\........\AppData\Roaming\Mozilla\Extensions
[2011.06.24 10:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\........\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\extensions
[2011.06.24 10:49:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\.........\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010.12.13 18:59:10 | 000,002,059 | ---- | M] () -- C:\Users\........\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\searchplugins\daemon-search.xml
[2011.07.24 15:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.11 23:45:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.24 15:02:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\.......\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DJPBFMQ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\.......\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DJPBFMQ.DEFAULT\EXTENSIONS\[email protected]
[2011.06.24 10:49:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.30 16:11:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
O3 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NOELauncher] C:\Program Files\Norman\nsc\bin\noelauncher.exe (Norman ASA)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000..\Run: [Spyware Doctor with AntiVirus] C:\Users\Gerhardsen\Desktop\sdasetup_revwire207.exe ()
O4 - Startup: C:\Users\.......\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\.......\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.75.75.75 193.75.75.193 193.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007.10.08 19:52:46 | 000,000,042 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005.10.13 23:23:46 | 000,045,056 | R--- | M] () - M:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.09.27 02:21:07 | 000,000,158 | R--- | M] () - M:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.13 12:11:22 | 000,000,000 | ---D | C] -- C:\Users\.......\AppData\Local\Adobe
[2011.08.13 12:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.08.13 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.13 10:11:43 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011.08.13 10:11:43 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011.08.13 10:11:43 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011.08.13 10:11:43 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011.08.13 10:11:43 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011.08.13 10:11:42 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011.08.13 10:11:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011.08.13 03:41:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.13 03:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.13 03:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.13 03:02:31 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.08.13 03:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.08.13 03:01:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.08.13 03:01:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.08.13 03:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.08.13 03:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.08.13 00:37:53 | 000,000,000 | ---D | C] -- C:\Users\.......\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 00:37:22 | 000,000,000 | ---D | C] -- C:\Users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 00:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 00:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.12 22:22:00 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\ScanSpyware
[2011.08.12 22:21:59 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\Windows\System32\ssbtsr.exe
[2011.08.12 22:21:59 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
[2011.08.12 22:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2011.08.12 21:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.12 20:54:52 | 000,000,000 | ---D | C] -- C:\Users\.......\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011.08.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\........\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2011.08.10 17:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wimp
[2011.08.07 11:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX
[2011.08.07 11:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011.08.07 11:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonEPP
[2011.08.05 01:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2011.08.04 23:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEGV
[2011.08.04 23:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Pro9500 Mark II series Manual
[2011.08.04 23:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011.08.04 23:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011.08.04 23:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brukerregistrering for Canon Pro9500 Mark II series
[2011.08.04 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.08.04 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2011.08.04 23:16:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011.08.04 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Pro9500 II series
[2011.08.04 23:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2011.08.04 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.08.04 12:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.08.03 16:41:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.08.03 16:37:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.08.02 21:24:57 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.08.02 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Local\Htc
[2011.08.02 21:24:25 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\HTC
[2011.08.02 21:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.08.02 21:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.08.02 21:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011.08.02 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011.08.02 21:05:58 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Local\Downloaded Installations
[2011.08.02 21:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.07.24 15:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.13 21:43:54 | 000,001,356 | ---- | M] () -- C:\Users\.......\Desktop\OTL - Shortcut (2).lnk
[2011.08.13 21:18:41 | 000,000,589 | ---- | M] () -- C:\Users\........\Desktop\OTL - Shortcut.lnk
[2011.08.13 15:10:02 | 000,019,792 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.13 15:10:02 | 000,019,792 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.13 15:02:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.13 15:02:23 | 1609,797,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.13 12:02:14 | 000,002,947 | ---- | M] () -- C:\Users\........\Desktop\HiJackThis.lnk
[2011.08.13 10:15:09 | 001,616,530 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011.08.13 10:11:44 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.08.13 10:11:44 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.08.13 10:11:44 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.08.13 09:56:40 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.13 09:56:40 | 000,456,756 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011.08.13 09:56:40 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.13 09:56:40 | 000,077,230 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011.08.13 00:37:22 | 000,001,921 | ---- | M] () -- C:\Users\.......\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 00:26:36 | 000,000,805 | ---- | M] () -- C:\Windows\ScanSpyware.INI
[2011.08.12 22:22:00 | 000,001,097 | ---- | M] () -- C:\Users\........\Desktop\Diagnose & Fix.lnk
[2011.08.12 22:22:00 | 000,001,083 | ---- | M] () -- C:\Users\........\Desktop\ScanSpyware.lnk
[2011.08.12 21:46:12 | 000,512,992 | ---- | M] () -- C:\Users\........\Desktop\sdasetup_revwire207.exe
[2011.08.04 11:56:15 | 000,406,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.13 21:43:54 | 000,001,356 | ---- | C] () -- C:\Users\......\Desktop\OTL - Shortcut (2).lnk
[2011.08.13 21:18:41 | 000,000,589 | ---- | C] () -- C:\Users\.......\Desktop\OTL - Shortcut.lnk
[2011.08.13 12:02:14 | 000,002,947 | ---- | C] () -- C:\Users\........\Desktop\HiJackThis.lnk
[2011.08.13 10:14:38 | 001,616,530 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011.08.13 10:11:43 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011.08.13 10:11:43 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011.08.13 10:11:43 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011.08.13 10:11:43 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011.08.13 10:11:43 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011.08.13 10:11:43 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011.08.13 10:11:43 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011.08.13 10:11:43 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011.08.13 10:11:43 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011.08.13 10:11:42 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011.08.13 10:11:42 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011.08.13 10:11:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011.08.13 10:11:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011.08.13 03:02:31 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.08.13 03:02:31 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.08.13 00:37:22 | 000,001,921 | ---- | C] () -- C:\Users\.......\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 00:26:36 | 000,000,805 | ---- | C] () -- C:\Windows\ScanSpyware.INI
[2011.08.12 22:22:00 | 000,001,097 | ---- | C] () -- C:\Users\......\Desktop\Diagnose & Fix.lnk
[2011.08.12 22:22:00 | 000,001,083 | ---- | C] () -- C:\Users\.......\Desktop\ScanSpyware.lnk
[2011.08.12 21:46:18 | 000,512,992 | ---- | C] () -- C:\Users\.......\Desktop\sdasetup_revwire207.exe
[2011.06.24 00:17:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.24 00:16:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.10 01:34:16 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.01.12 00:38:25 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.01.10 02:44:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.10 02:44:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.10 02:44:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.10 02:44:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.10 02:44:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.12.16 00:24:57 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.16 00:24:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.16 00:24:51 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.12.16 00:24:49 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.13 21:41:56 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.12.13 17:47:22 | 000,456,756 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2010.12.13 17:47:22 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2010.12.13 17:47:22 | 000,077,230 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2010.12.13 17:47:22 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2010.11.11 16:51:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2009.12.02 20:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,406,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.06.18 20:34:15 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Anarchy
[2010.12.16 18:07:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\AnvSoft
[2011.06.02 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Atari
[2011.06.21 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Awem
[2010.12.14 20:04:20 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Big Fish Games
[2011.08.13 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\BitTorrent
[2011.06.19 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Chirurgie Simulation
[2011.08.10 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2010.12.13 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\DAEMON Tools Lite
[2011.05.18 13:24:51 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\DailyMagic
[2011.05.20 10:21:56 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Elephant Games
[2011.07.06 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ERS Game Studios
[2011.06.14 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Frogwares
[2011.06.12 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Gogii
[2011.08.02 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\HTC
[2011.08.02 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.04.04 19:59:16 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\IkitMovie
[2011.01.13 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\IrfanView
[2011.06.02 09:19:06 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Leadertech
[2011.03.08 02:14:01 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\LucasArts
[2011.06.11 15:54:27 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\MumboJumbo
[2010.12.13 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Option
[2011.06.29 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Orneon
[2011.08.12 22:22:05 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ScanSpyware
[2011.05.13 10:11:04 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Silverback Productions
[2011.01.13 02:19:55 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Tific
[2011.06.12 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Unity
[2011.06.16 13:41:07 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ValuSoft
[2011.06.12 19:21:05 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\VendelGAMES
[2011.05.11 11:59:23 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010.11.11 16:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2010.11.11 16:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010.11.11 16:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010.11.11 16:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010.11.11 16:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.11 16:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.11 16:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.11.11 16:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6B86037F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B9B3B2FE

< End of report >

Edited by xharks, 13 August 2011 - 02:20 PM.

  • 0
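The "MD5 for:" sections of the OTL log above list every copy of four core system files. One way to read them, shown here as an added example that is not part of the thread or of OTL: check that the copy Windows actually loads has the same MD5 as a copy in the winsxs component store. The path classification rules and function names are assumptions of this example, and a match is a heuristic, not proof of integrity.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "MD5 for:" sections of the OTL log posted above.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: WINLOGON.EXE >
[2010.11.11 16:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
"""

# CONSTRUCTED input: the first entry is invented to show what a replaced
# system file would look like; the winsxs entry is the one from the log above.
CONSTRUCTED_TAMPERED = r"""
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
"""

# One OTL MD5 entry: [date | size | attrs | flag] (company) MD5=<32 hex> -- <path>
ENTRY = re.compile(
    r"^\[[^\]]*\]\s+\((?P<company>[^)]*)\)\s+"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+?)\s*$"
)


def parse_md5_entries(log_text):
    """Group (md5, path) pairs by lower-cased file name."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            path = match.group("path")
            name = ntpath.basename(path).lower()
            groups[name].append((match.group("md5").upper(), path))
    return groups


def classify(path):
    """Assumed roles: winsxs copies are references, ERDNT\\cache copies are
    backups (ignored), everything else is a live copy."""
    lowered = path.lower()
    if "\\winsxs\\" in lowered:
        return "reference"
    if "\\erdnt\\cache\\" in lowered:
        return "backup"
    return "live"


def check_system_files(log_text):
    """Map each live path to 'match', 'MISMATCH' or 'no-reference'."""
    results = {}
    for entries in parse_md5_entries(log_text).values():
        reference = {md5 for md5, path in entries if classify(path) == "reference"}
        for md5, path in entries:
            if classify(path) != "live":
                continue
            if not reference:
                results[path] = "no-reference"
            elif md5 in reference:
                results[path] = "match"
            else:
                results[path] = "MISMATCH"
    return results


if __name__ == "__main__":
    for sample in (SAMPLE_LOG, CONSTRUCTED_TAMPERED):
        for path, status in check_system_files(sample).items():
            print(f"{status:12} {path}")
```

A MISMATCH or no-reference result is a prompt to look closer at that file, for example by checking its signature or comparing it against a known-good installation.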

#6
xharks

    Member

  • Topic Starter
  • Member
  • 17 posts
Here is the aswMBR log after the scan:



aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-13 22:28:00
-----------------------------
22:28:00.435 OS Version: Windows 6.1.7601 Service Pack 1
22:28:00.435 Number of processors: 2 586 0x6801
22:28:00.437 ComputerName: [bleep] UserName:
22:28:04.055 Initialize success
22:28:35.304 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:28:35.307 Disk 0 Vendor: WDC_WD2500BEVS-60UST0 01.01A01 Size: 238475MB BusType: 3
22:28:37.330 Disk 0 MBR read successfully
22:28:37.334 Disk 0 MBR scan
22:28:37.337 Disk 0 Windows 7 default MBR code
22:28:37.343 Disk 0 scanning sectors +488392065
22:28:37.416 Disk 0 scanning C:\Windows\system32\drivers
22:29:08.692 Service scanning
22:29:09.698 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:29:10.333 Modules scanning
22:29:38.403 Disk 0 trace - called modules:
22:29:38.422 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85cfded1]<<
22:29:38.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ce7030]
22:29:38.434 3 CLASSPNP.SYS[8900459e] -> nt!IofCallDriver -> [0x85bce320]
22:29:38.777 5 ACPI.sys[8333a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85bf5030]
22:29:38.785 \Driver\atapi[0x85bb7f38] -> IRP_MJ_CREATE -> 0x85b481f8
22:29:38.794 Scan finished successfully
22:30:12.061 Disk 0 MBR has been saved successfully to "C:\Users\.....\Desktop\MBR.dat"
22:30:12.070 The log file has been saved successfully to "C:\Users\.....\Desktop\aswMBR.txt"

Edited by xharks, 13 August 2011 - 02:35 PM.

  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have removed the user names ... In the fix that follows you must write the user name exactly, otherwise the fix will fail.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
    O3 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-129522727-1406623530-2129584584-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011.08.12 20:54:52 | 000,000,000 | ---D | C] -- C:\Users\.......\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#8
xharks

    Member

  • Topic Starter
  • Member
  • 17 posts
OTL logfile created on: 13.08.2011 23:02:31 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Gerhardsen\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,06% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,49 Gb Total Space | 94,40 Gb Free Space | 41,68% Space Free | Partition Type: NTFS
Drive D: | 6,39 Gb Total Space | 1,40 Gb Free Space | 21,84% Space Free | Partition Type: NTFS
Drive K: | 622,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 697,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: [bleep] | User Name: Gerhardsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.13 21:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Gerhardsen\Downloads\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.24 10:49:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.26 17:22:02 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011.04.04 10:22:31 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.03.22 16:15:39 | 000,189,824 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
PRC - [2010.12.09 13:45:59 | 000,141,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nsc\Bin\nassvc32.exe
PRC - [2010.12.02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
PRC - [2010.11.30 16:10:46 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2010.11.10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
PRC - [2010.11.10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
PRC - [2010.11.10 09:48:14 | 000,262,247 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nig\Bin\niguser.exe
PRC - [2010.11.08 18:02:27 | 000,315,495 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfuser.exe
PRC - [2010.11.08 18:02:27 | 000,111,912 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
PRC - [2010.11.08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
PRC - [2010.11.08 17:56:34 | 000,336,304 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nig\Bin\nigsvc32.exe
PRC - [2010.11.08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
PRC - [2010.11.08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nvcoas.exe
PRC - [2010.11.08 17:56:34 | 000,182,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nip.exe
PRC - [2010.11.08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
PRC - [2010.11.08 17:56:34 | 000,078,176 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nsc\Bin\NOELauncher.exe
PRC - [2010.11.08 17:56:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\CClaw.exe
PRC - [2010.08.17 11:44:58 | 000,099,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npt\Bin\npsvc32.exe
PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011.08.13 21:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Gerhardsen\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.08 17:56:34 | 000,251,240 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Niphk.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.01.12 00:36:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.12.17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010.12.13 17:48:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.09 13:45:59 | 000,141,000 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nsc\bin\nassvc32.exe -- (NASS)
SRV - [2010.12.02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010.11.11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2010.11.10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010.11.10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010.11.08 18:02:27 | 000,111,912 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2010.11.08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2010.11.08 17:56:34 | 000,336,304 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nig\bin\nigsvc32.exe -- (NIG)
SRV - [2010.11.08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npf\bin\npfsvc32.exe -- (NPFSvc32)
SRV - [2010.11.08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010.11.08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010.08.17 11:44:58 | 000,099,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npt\Bin\Npsvc32.exe -- (npsvc32)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011.08.13 10:11:44 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.08.13 10:11:03 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110813.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.13 10:11:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.08.13 10:11:03 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.08.13 10:11:03 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110813.002\NAVENG.SYS -- (NAVENG)
DRV - [2011.08.12 08:32:30 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110812.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011.07.23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010.12.13 18:58:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.11.11 14:01:40 | 000,024,688 | ---- | M] (Norman ASA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt)
DRV - [2010.11.10 15:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010.11.10 15:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010.11.10 15:47:28 | 000,061,472 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Windows\System32\drivers\ale_nf.sys -- (ALE_NF)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 01:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009.12.03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.06.25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.03.03 20:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9A 19 3D 6D 9A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.no"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gerhardsen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.08.13 22:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8 [2011.08.13 22:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 10:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.04 12:01:18 | 000,000,000 | ---D | M]

[2010.12.13 14:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Extensions
[2011.06.24 10:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\extensions
[2011.06.24 10:49:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010.12.13 18:59:10 | 000,002,059 | ---- | M] () -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\searchplugins\daemon-search.xml
[2011.07.24 15:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.11 23:45:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.24 15:02:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.13 22:58:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_0_8
[2011.08.13 22:51:44 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\GERHARDSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DJPBFMQ.DEFAULT\EXTENSIONS\[email protected]RISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\GERHARDSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DJPBFMQ.DEFAULT\EXTENSIONS\[email protected]
[2011.06.24 10:49:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.30 16:11:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011.08.13 22:51:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NOELauncher] C:\Program Files\Norman\nsc\bin\noelauncher.exe (Norman ASA)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] C:\Users\Gerhardsen\Desktop\sdasetup_revwire207.exe ()
O4 - Startup: C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.75.75.75 193.75.75.193 193.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007.10.08 19:52:46 | 000,000,042 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005.10.13 23:23:46 | 000,045,056 | R--- | M] () - M:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.09.27 02:21:07 | 000,000,158 | R--- | M] () - M:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.13 22:48:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:22 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Local\Adobe
[2011.08.13 12:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.08.13 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.13 10:11:43 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011.08.13 10:11:43 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011.08.13 10:11:43 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011.08.13 10:11:43 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011.08.13 10:11:43 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011.08.13 10:11:42 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011.08.13 10:11:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011.08.13 03:41:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.13 03:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.13 03:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.13 03:02:31 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.08.13 03:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.08.13 03:01:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.08.13 03:01:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.08.13 03:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.08.13 03:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.08.13 00:37:53 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 00:37:22 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 00:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 00:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.12 22:22:00 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\ScanSpyware
[2011.08.12 22:21:59 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\Windows\System32\ssbtsr.exe
[2011.08.12 22:21:59 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
[2011.08.12 22:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2011.08.12 21:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.12 20:54:52 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011.08.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2011.08.10 17:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wimp
[2011.08.07 11:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX
[2011.08.07 11:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011.08.07 11:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonEPP
[2011.08.05 01:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2011.08.04 23:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEGV
[2011.08.04 23:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Pro9500 Mark II series Manual
[2011.08.04 23:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011.08.04 23:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011.08.04 23:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brukerregistrering for Canon Pro9500 Mark II series
[2011.08.04 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.08.04 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
< End of report >

#9
xharks

I have extracted TDSSKiller to the desktop, and when I try to start the program, nothing's happening?

#10
xharks

Worked after a scan with the Kaspersky AVP tool. A rootkit was found and disinfected.

Here is the TDSSKiller log:



2011/08/14 02:19:38.0028 4524 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 02:19:40.0040 4524 ================================================================================
2011/08/14 02:19:40.0040 4524 SystemInfo:
2011/08/14 02:19:40.0040 4524
2011/08/14 02:19:40.0040 4524 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/14 02:19:40.0040 4524 Product type: Workstation
2011/08/14 02:19:40.0040 4524 ComputerName: [bleep]
2011/08/14 02:19:40.0040 4524 UserName: .....
2011/08/14 02:19:40.0040 4524 Windows directory: C:\Windows
2011/08/14 02:19:40.0040 4524 System windows directory: C:\Windows
2011/08/14 02:19:40.0040 4524 Processor architecture: Intel x86
2011/08/14 02:19:40.0040 4524 Number of processors: 2
2011/08/14 02:19:40.0040 4524 Page size: 0x1000
2011/08/14 02:19:40.0040 4524 Boot type: Normal boot
2011/08/14 02:19:40.0040 4524 ================================================================================
2011/08/14 02:19:44.0455 4524 Initialize success
2011/08/14 02:20:19.0414 3232 ================================================================================
2011/08/14 02:20:19.0414 3232 Scan started
2011/08/14 02:20:19.0414 3232 Mode: Manual;
2011/08/14 02:20:19.0414 3232 ================================================================================
2011/08/14 02:21:33.0241 3232 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/14 02:21:33.0440 3232 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/08/14 02:21:33.0583 3232 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/14 02:21:33.0722 3232 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/14 02:21:33.0869 3232 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/08/14 02:21:34.0024 3232 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/08/14 02:21:34.0394 3232 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/08/14 02:21:34.0573 3232 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/14 02:21:34.0844 3232 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/08/14 02:21:34.0970 3232 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/08/14 02:21:35.0096 3232 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/08/14 02:21:35.0286 3232 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/14 02:21:35.0417 3232 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/08/14 02:21:35.0708 3232 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/14 02:21:36.0258 3232 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/14 02:21:36.0510 3232 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/08/14 02:21:36.0733 3232 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/14 02:21:36.0918 3232 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/08/14 02:21:37.0104 3232 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/14 02:21:37.0240 3232 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/14 02:21:37.0428 3232 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/14 02:21:37.0533 3232 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/14 02:21:37.0709 3232 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/08/14 02:21:37.0836 3232 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/14 02:21:37.0994 3232 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/14 02:21:38.0237 3232 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/14 02:21:38.0391 3232 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/08/14 02:21:38.0491 3232 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/14 02:21:38.0688 3232 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/14 02:21:38.0857 3232 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/14 02:21:39.0006 3232 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/14 02:21:39.0218 3232 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/08/14 02:21:39.0218 3232 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/14 02:21:39.0226 3232 sptd - detected LockedFile.Multi.Generic (1)
2011/08/14 02:21:53.0566 3232 ================================================================================
2011/08/14 02:21:53.0566 3232 Scan finished
2011/08/14 02:21:53.0567 3232 ================================================================================
2011/08/14 02:21:53.0583 3428 Detected object count: 1
2011/08/14 02:21:53.0583 3428 Actual detected object count: 1
2011/08/14 02:22:28.0291 3428 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is good to know, I had a feeling TDSSKiller would fail to run. So you went to my next stage with AVP, are you psychic :)

On completion of this run can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
    [2011.08.12 20:54:52 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#12
xharks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Lol :) I thought you would say that:)

Here is the OTL quick scan log. I didn't check the scan all users box, was I supposed to? Just to be sure :)




OTL logfile created on: 14.08.2011 12:19:49 - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Gerhardsen\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,10% Memory free
4,00 Gb Paging File | 3,01 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,49 Gb Total Space | 96,74 Gb Free Space | 42,71% Space Free | Partition Type: NTFS
Drive D: | 6,39 Gb Total Space | 1,40 Gb Free Space | 21,84% Space Free | Partition Type: NTFS
Drive K: | 622,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 697,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: [bleep] | User Name: Gerhardsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.13 21:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Gerhardsen\Downloads\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.24 10:49:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011.04.04 10:22:31 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011.03.22 16:15:39 | 000,189,824 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
PRC - [2010.12.09 13:45:59 | 000,141,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nsc\Bin\nassvc32.exe
PRC - [2010.12.02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
PRC - [2010.11.30 16:10:46 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2010.11.10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
PRC - [2010.11.10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
PRC - [2010.11.10 09:48:14 | 000,262,247 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nig\Bin\niguser.exe
PRC - [2010.11.08 18:02:27 | 000,111,912 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
PRC - [2010.11.08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
PRC - [2010.11.08 17:56:34 | 000,336,304 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nig\Bin\nigsvc32.exe
PRC - [2010.11.08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
PRC - [2010.11.08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nvcoas.exe
PRC - [2010.11.08 17:56:34 | 000,182,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nip.exe
PRC - [2010.11.08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
PRC - [2010.11.08 17:56:34 | 000,078,176 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nsc\Bin\NOELauncher.exe
PRC - [2010.11.08 17:56:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\CClaw.exe
PRC - [2010.08.17 11:44:58 | 000,099,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npt\Bin\npsvc32.exe
PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011.08.13 21:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Gerhardsen\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.08 17:56:34 | 000,251,240 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Niphk.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011.01.12 00:36:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.12.17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010.12.13 17:48:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.09 13:45:59 | 000,141,000 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nsc\bin\nassvc32.exe -- (NASS)
SRV - [2010.12.02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010.11.11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2010.11.10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010.11.10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010.11.08 18:02:27 | 000,111,912 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2010.11.08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2010.11.08 17:56:34 | 000,336,304 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nig\bin\nigsvc32.exe -- (NIG)
SRV - [2010.11.08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npf\bin\npfsvc32.exe -- (NPFSvc32)
SRV - [2010.11.08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010.11.08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010.08.17 11:44:58 | 000,099,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npt\Bin\Npsvc32.exe -- (npsvc32)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011.08.13 10:11:44 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.08.13 10:11:03 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110813.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.13 10:11:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.08.13 10:11:03 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.08.13 10:11:03 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110813.002\NAVENG.SYS -- (NAVENG)
DRV - [2011.08.12 08:32:30 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110812.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011.07.23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010.12.13 18:58:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.11.11 14:01:40 | 000,024,688 | ---- | M] (Norman ASA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt)
DRV - [2010.11.10 15:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010.11.10 15:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010.11.10 15:47:28 | 000,061,472 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Windows\System32\drivers\ale_nf.sys -- (ALE_NF)
DRV - [2010.02.25 01:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009.12.03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.06.25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.03.03 20:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9A 19 3D 6D 9A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.no"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gerhardsen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.08.13 22:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8 [2011.08.14 12:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 10:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.04 12:01:18 | 000,000,000 | ---D | M]

[2010.12.13 14:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Extensions
[2011.06.24 10:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\extensions
[2011.06.24 10:49:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010.12.13 18:59:10 | 000,002,059 | ---- | M] () -- C:\Users\Gerhardsen\AppData\Roaming\Mozilla\Firefox\Profiles\9djpbfmq.default\searchplugins\daemon-search.xml
[2011.07.24 15:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.11 23:45:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.24 15:02:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.14 12:16:47 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_0_8
[2011.08.13 22:51:44 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\GERHARDSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DJPBFMQ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\GERHARDSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DJPBFMQ.DEFAULT\EXTENSIONS\[email protected]
[2011.06.24 10:49:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.30 16:11:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011.08.14 12:15:23 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NOELauncher] C:\Program Files\Norman\nsc\bin\noelauncher.exe (Norman ASA)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] C:\Users\Gerhardsen\Desktop\sdasetup_revwire207.exe ()
O4 - Startup: C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.75.75.75 193.75.75.193 193.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007.10.08 19:52:46 | 000,000,042 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005.10.13 23:23:46 | 000,045,056 | R--- | M] () - M:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.09.27 02:21:07 | 000,000,158 | R--- | M] () - M:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.14 02:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.08.14 00:51:08 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\Desktop\page_p_2047960_files
[2011.08.14 00:50:43 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\Desktop\topic372491_files
[2011.08.13 22:48:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:22 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Local\Adobe
[2011.08.13 12:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.08.13 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.13 10:11:43 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011.08.13 10:11:43 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011.08.13 10:11:43 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011.08.13 10:11:43 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011.08.13 10:11:43 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011.08.13 10:11:42 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011.08.13 10:11:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011.08.13 03:41:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.13 03:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.13 03:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.13 03:02:31 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.08.13 03:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.08.13 03:01:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.08.13 03:01:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.08.13 03:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011.08.13 03:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.08.13 00:37:53 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 00:37:22 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 00:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 00:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.12 22:22:00 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\ScanSpyware
[2011.08.12 22:21:59 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\Windows\System32\ssbtsr.exe
[2011.08.12 22:21:59 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
[2011.08.12 22:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2011.08.12 21:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2011.08.10 17:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wimp
[2011.08.07 11:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX
[2011.08.07 11:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011.08.07 11:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonEPP
[2011.08.05 01:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2011.08.04 23:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEGV
[2011.08.04 23:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Pro9500 Mark II series Manual
[2011.08.04 23:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011.08.04 23:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011.08.04 23:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brukerregistrering for Canon Pro9500 Mark II series
[2011.08.04 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.08.04 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2011.08.04 23:16:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011.08.04 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Pro9500 II series
[2011.08.04 23:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2011.08.04 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.08.04 12:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.08.03 16:41:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.08.03 16:37:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.08.02 21:05:58 | 000,000,000 | ---D | C] -- C:\Users\Gerhardsen\AppData\Local\Downloaded Installations
[2011.08.02 21:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.07.24 15:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2011.08.14 12:23:59 | 000,019,792 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 12:23:59 | 000,019,792 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 12:16:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.14 12:16:22 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.14 12:15:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.08.14 01:27:34 | 000,001,182 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\asdf.com.lnk
[2011.08.14 01:22:57 | 378,039,140 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.14 01:09:37 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.14 01:09:37 | 000,456,756 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011.08.14 01:09:37 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.14 01:09:37 | 000,077,230 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011.08.14 00:51:09 | 000,263,294 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\page_p_2047960.htm
[2011.08.14 00:50:45 | 000,150,518 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\topic372491.html
[2011.08.13 22:30:12 | 000,000,512 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\MBR.dat
[2011.08.13 22:27:46 | 000,001,416 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\aswMBR(1).exe - Shortcut.lnk
[2011.08.13 21:43:54 | 000,001,356 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\OTL - Shortcut (2).lnk
[2011.08.13 21:18:41 | 000,000,589 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\OTL - Shortcut.lnk
[2011.08.13 12:02:14 | 000,002,947 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\HiJackThis.lnk
[2011.08.13 10:15:09 | 001,616,530 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011.08.13 10:11:44 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.08.13 10:11:44 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.08.13 10:11:44 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.08.13 00:37:22 | 000,001,921 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 00:26:36 | 000,000,805 | ---- | M] () -- C:\Windows\ScanSpyware.INI
[2011.08.12 22:22:00 | 000,001,097 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\Diagnose & Fix.lnk
[2011.08.12 22:22:00 | 000,001,083 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\ScanSpyware.lnk
[2011.08.12 21:46:12 | 000,512,992 | ---- | M] () -- C:\Users\Gerhardsen\Desktop\sdasetup_revwire207.exe
[2011.08.04 11:56:15 | 000,406,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.08.14 01:27:34 | 000,001,182 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\asdf.com.lnk
[2011.08.14 00:51:07 | 000,263,294 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\page_p_2047960.htm
[2011.08.14 00:50:43 | 000,150,518 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\topic372491.html
[2011.08.13 22:30:12 | 000,000,512 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\MBR.dat
[2011.08.13 22:27:45 | 000,001,416 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\aswMBR(1).exe - Shortcut.lnk
[2011.08.13 21:43:54 | 000,001,356 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\OTL - Shortcut (2).lnk
[2011.08.13 21:18:41 | 000,000,589 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\OTL - Shortcut.lnk
[2011.08.13 12:02:14 | 000,002,947 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\HiJackThis.lnk
[2011.08.13 10:14:38 | 001,616,530 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011.08.13 10:11:43 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011.08.13 10:11:43 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011.08.13 10:11:43 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011.08.13 10:11:43 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011.08.13 10:11:43 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011.08.13 10:11:43 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011.08.13 10:11:43 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011.08.13 10:11:43 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011.08.13 10:11:43 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011.08.13 10:11:42 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011.08.13 10:11:42 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011.08.13 10:11:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011.08.13 10:11:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011.08.13 03:02:31 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.08.13 03:02:31 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.08.13 00:37:22 | 000,001,921 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 00:26:36 | 000,000,805 | ---- | C] () -- C:\Windows\ScanSpyware.INI
[2011.08.12 22:22:00 | 000,001,097 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\Diagnose & Fix.lnk
[2011.08.12 22:22:00 | 000,001,083 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\ScanSpyware.lnk
[2011.08.12 21:46:18 | 000,512,992 | ---- | C] () -- C:\Users\Gerhardsen\Desktop\sdasetup_revwire207.exe
[2011.06.24 00:17:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.24 00:16:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.10 01:34:16 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.01.12 00:38:25 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.01.10 02:44:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.10 02:44:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.10 02:44:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.10 02:44:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.10 02:44:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.12.16 00:24:57 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.16 00:24:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.16 00:24:51 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.12.16 00:24:49 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.13 21:41:56 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.12.13 17:47:22 | 000,456,756 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2010.12.13 17:47:22 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2010.12.13 17:47:22 | 000,077,230 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2010.12.13 17:47:22 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2010.11.11 16:51:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2009.12.02 20:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,406,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.06.18 20:34:15 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Anarchy
[2010.12.16 18:07:03 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\AnvSoft
[2011.06.02 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Atari
[2011.06.21 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Awem
[2010.12.14 20:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Big Fish Games
[2011.08.14 12:28:41 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\BitTorrent
[2011.06.19 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Chirurgie Simulation
[2011.08.10 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2010.12.13 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\DAEMON Tools Lite
[2011.05.18 13:24:51 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\DailyMagic
[2011.05.20 10:21:56 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Elephant Games
[2011.07.06 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\ERS Game Studios
[2011.06.14 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Frogwares
[2011.06.12 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Gogii
[2011.04.04 19:59:16 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\IkitMovie
[2011.01.13 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\IrfanView
[2011.06.02 09:19:06 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Leadertech
[2011.03.08 02:14:01 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\LucasArts
[2011.06.11 15:54:27 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\MumboJumbo
[2010.12.13 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Option
[2011.06.29 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Orneon
[2011.08.12 22:22:05 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\ScanSpyware
[2011.05.13 10:11:04 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Silverback Productions
[2011.01.13 02:19:55 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Tific
[2011.06.12 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\Unity
[2011.06.16 13:41:07 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\ValuSoft
[2011.06.12 19:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gerhardsen\AppData\Roaming\VendelGAMES
[2011.05.11 11:59:23 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6B86037F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B9B3B2FE

< End of report >
  • 0

#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good - let's sweep for orphans now. Once done, can you let me know what problems remain?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#14
xharks


    Member

  • Topic Starter
  • Member
  • 17 posts
There were no threats found and I didn't have to reboot. There are some things yet to be fixed:

I used "Unhide" to gain access to my documents again, but some programs are still missing, such as MS Paint and so on. I can't find the Recycle Bin, for example.

Now when I reboot my computer and have logged in to Windows, a message pops up asking if I want to run something with Rewire (a safety message, not from Norton or Norman).




Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversjon: 7463

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.08.2011 13:38:57
mbam-log-2011-08-14 (13-38-57).txt

Skanntype: Hurtigsøk
Objekter skannet: 148962
Tid tilbakelagt: 11 minutt(er), 34 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)
  • 0

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Rewire is an audio application - do you use it?


Regarding the Recycle Bin: right-click the desktop and click Personalize
On the left, select Desktop Icons
Then place a tick alongside Recycle Bin
[attachment=51907:Capture.GIF]

For Paint and the like: locate the executable file
Right-click and select Pin to Start Menu
[attachment=51908:Untitled.gif]

Anything else?
  • 0





