Malware.packer.gen found in c:\mwrwx.exe [Solved]


This topic is locked

#1 nabcake
Member, 14 posts

So, I downloaded a file from a "trusted" source, and after a while I noticed it might contain some kind of malware. Basically, I use MTBM, and after a quick scan some entries appeared; not thinking much of this, I quarantined them and thought everything was OK.
But after restarting the system, I realized that the same entries still exist. When I tried to open Emsisoft HiJackFree I got the error "file is corrupt"; I fixed that afterwards. Some websites are blocked, like virustotal.com, and when googling anything related to "mwrwx.exe" I get very few hits, in Chinese or something; it seems censored.

OTL.txt

OTL logfile created on: 6/23/2012 12:55:15 AM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.08% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 29.29 Gb Total Space | 9.52 Gb Free Space | 32.48% Space Free | Partition Type: NTFS
Drive D: | 203.58 Gb Total Space | 19.89 Gb Free Space | 9.77% Space Free | Partition Type: NTFS
Drive E: | 2.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: N4B-C4K3 | User Name: N4bc4k3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 00:54:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\OTL.exe
PRC - [2012/06/23 00:41:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Temp\winvyjqr.exe
PRC - [2012/06/16 22:16:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programfiler\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:38 | 001,059,504 | ---- | M] (Malwarebytes Corporation) -- D:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/02/10 23:20:22 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Programfiler\steam\Steam.exe
PRC - [2011/12/09 19:22:26 | 000,144,384 | ---- | M] (Nullsoft, Inc.) -- D:\Programfiler\Winamp\winampa.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/07 08:15:04 | 003,634,040 | ---- | M] (Emsi Software GmbH) -- D:\Programfiler\Emsisoft HiJackFree\a2hijackfree.exe
PRC - [2010/04/09 03:42:28 | 000,241,768 | ---- | M] (NVIDIA Corporation) -- C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 00:41:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Temp\winvyjqr.exe
MOD - [2012/06/22 23:59:23 | 020,313,384 | ---- | M] () -- D:\Programfiler\steam\bin\libcef.dll
MOD - [2012/06/22 23:59:14 | 000,895,312 | ---- | M] () -- D:\Programfiler\steam\bin\chromehtml.dll
MOD - [2012/06/22 23:59:13 | 001,099,576 | ---- | M] () -- D:\Programfiler\steam\bin\avcodec-53.dll
MOD - [2012/06/22 23:59:13 | 000,190,776 | ---- | M] () -- D:\Programfiler\steam\bin\avformat-53.dll
MOD - [2012/06/22 23:59:13 | 000,123,192 | ---- | M] () -- D:\Programfiler\steam\bin\avutil-51.dll
MOD - [2012/06/16 22:16:54 | 002,042,848 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 15:54:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 11:35:42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:35:32 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 02:01:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/20 13:47:30 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/10 15:38:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 15:38:22 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/10 15:36:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 15:32:56 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 15:32:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/30 19:32:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_no_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011/12/30 19:32:51 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_no_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008/04/14 18:22:11 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 22:16:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 13:47:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/19 18:03:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/30 18:47:01 | 000,161,280 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\JamDRV.sys -- (JAMVOX_AA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JamWdm.sys -- (JAMVOX_01)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqvpoq.sys -- (amsint32)
DRV - [2012/06/23 00:41:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/09 10:57:28 | 000,024,328 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2012/01/15 19:57:22 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/14 17:13:56 | 000,105,416 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jamvox.sys -- (JamVOXUSBAudioSrv)
DRV - [2011/11/10 05:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/10/17 19:40:22 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/15 15:22:28 | 000,284,632 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2011/06/15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/06/15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/06/15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/05/19 16:55:28 | 000,103,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2011/03/28 19:55:54 | 000,032,472 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2011/02/02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/03/18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/06 11:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/12 04:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/12 04:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/22 03:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programfiler\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2012/06/16 22:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2012/06/21 19:38:00 | 000,000,000 | ---D | M]

[2012/04/06 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Extensions
[2012/05/02 18:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\extensions
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2011/12/31 00:46:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programfiler\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/16 22:16:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programfiler\mozilla firefox\components\browsercomps.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programfiler\mozilla firefox\plugins\npwachk.dll
[2012/06/16 22:16:52 | 000,002,252 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bing.xml
[2012/06/16 22:16:52 | 000,002,040 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programfiler\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programfiler\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programfiler\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/25 03:37:55 | 000,441,313 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15171 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programfiler\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] d:\Programfiler\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programfiler\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Programfiler\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - d:\Programfiler\Agnitum\Outpost Security Suite Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{184F38BC-3F79-4D10-AC91-2C8313224FB3}: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (d:\progra~1\agnitum\outpos~1\wl_hook.dll) - d:\Programfiler\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programfiler\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/30 02:29:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/06/10 01:03:18 | 000,000,181 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/06/10 01:03:18 | 000,000,319 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bddbb15c-3306-11e1-bba0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bddbb15c-3306-11e1-bba0-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 00:41:00 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/22 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Malwarebytes
[2012/06/22 19:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Malwarebytes' Anti-Malware
[2012/06/22 19:03:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/22 19:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes
[2012/06/21 19:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\McAfee
[2012/06/21 19:05:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft HiJackFree
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft Anti-Malware
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Anti-Malware
[2012/06/17 13:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Thief - Deadly Shadows
[2012/06/17 13:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Eidos
[2012/06/16 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 10
[2012/06/16 20:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search
[2012/06/10 01:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 11
[2012/06/10 01:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\EA Sports
[2012/06/10 01:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2012/06/05 20:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny mappe
[2012/05/24 16:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient2
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 00:41:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/23 00:38:19 | 000,103,140 | ---- | M] () -- C:\mwrwx.exe
[2012/06/23 00:37:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/23 00:36:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/23 00:35:49 | 000,031,584 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 00:35:49 | 000,031,584 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 00:35:49 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 00:35:49 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 00:35:49 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 00:35:22 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.CDF
[2012/06/23 00:35:22 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.BAK
[2012/06/23 00:08:27 | 000,000,102 | ---- | M] () -- C:\index.ini
[2012/06/22 23:57:47 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/22 23:57:47 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/22 19:03:14 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:17 | 000,436,824 | ---- | M] () -- C:\AnalysisLog.sr0
[2012/06/14 11:32:51 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 02:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/14 02:02:03 | 000,482,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 02:02:03 | 000,315,552 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2012/06/14 02:02:03 | 000,080,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 02:02:03 | 000,044,398 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2012/06/14 01:58:23 | 000,031,550 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/12 16:33:30 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/12 14:41:38 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Skype.lnk
[2012/06/10 01:03:18 | 000,000,181 | RHS- | M] () -- C:\autorun.inf
[2012/06/05 20:13:07 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/06/01 20:52:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 00:38:19 | 000,103,140 | ---- | C] () -- C:\mwrwx.exe
[2012/06/22 19:03:13 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:09 | 000,436,824 | ---- | C] () -- C:\AnalysisLog.sr0
[2012/06/14 01:58:23 | 000,031,550 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/10 01:03:30 | 000,000,181 | RHS- | C] () -- C:\autorun.inf
[2012/06/05 03:01:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/20 19:52:23 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\lol.jpg
[2012/04/15 20:43:46 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\appletfile.props
[2012/04/02 00:35:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2012/04/02 00:31:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2012/02/16 18:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 22:58:43 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/02/10 21:26:34 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 01:05:23 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/12/31 01:05:23 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/12/31 01:05:23 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/12/31 01:05:23 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/12/31 01:05:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/12/30 19:00:18 | 000,001,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/12/30 04:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/30 04:13:30 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/12/30 04:13:29 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/30 04:13:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/12/30 03:03:31 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/12/30 03:02:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/12/30 03:02:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/12/30 03:02:29 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/12/30 03:02:28 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/12/30 03:02:28 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/12/30 02:41:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\fusioncache.dat
[2011/12/30 02:31:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 02:28:07 | 000,021,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/30 02:20:31 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/30 02:19:17 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 05:22:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\jamvoxdevice.dll
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== LOP Check ==========

[2011/12/30 03:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Agnitum
[2011/12/30 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Lite
[2011/12/30 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DriverGenius
[2011/12/30 18:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Easy Driver Pro
[2012/04/12 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2012/06/22 23:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PMB Files
[2012/03/02 21:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\VOX
[2011/12/30 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/11 21:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\.minecraft
[2011/12/30 03:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Agnitum
[2012/06/22 02:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Azureus
[2012/06/16 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\DAEMON Tools Lite
[2012/04/25 21:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\foobar2000
[2012/06/16 15:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\gtk-2.0
[2012/03/24 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Kalypso Media
[2012/06/10 01:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2011/12/30 21:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient
[2012/05/24 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient2
[2012/01/28 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\minecraft
[2012/04/12 20:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Need for Speed World
[2012/02/14 20:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\OpenOffice.org
[2012/04/15 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\PriceGong
[2012/05/15 23:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Spotify
[2012/02/01 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Unity
[2012/04/21 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\VOX
[2011/12/30 19:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Desktop Search
[2012/06/16 20:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search

========== Purity Check ==========



< End of report >


Extras.txt

OTL Extras logfile created on: 6/23/2012 12:55:15 AM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.08% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 29.29 Gb Total Space | 9.52 Gb Free Space | 32.48% Space Free | Partition Type: NTFS
Drive D: | 203.58 Gb Total Space | 19.89 Gb Free Space | 9.77% Space Free | Partition Type: NTFS
Drive E: | 2.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: N4B-C4K3 | User Name: N4bc4k3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "d:\Programfiler\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Programfiler\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Programfiler\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58455:TCP" = 58455:TCP:*:Enabled:Pando Media Booster
"58455:UDP" = 58455:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58455:TCP" = 58455:TCP:*:Enabled:Pando Media Booster
"58455:UDP" = 58455:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - kompatibilitetsmodus (HTTP inn)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programfiler\Pando Networks\Media Booster\PMB.exe" = C:\Programfiler\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programfiler\Fellesfiler\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programfiler\Fellesfiler\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programfiler\Pando Networks\Media Booster\PMB.exe" = C:\Programfiler\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Programfiler\Winamp\winamp.exe" = D:\Programfiler\Winamp\winamp.exe:*:Enabled:ipsec -- (Nullsoft, Inc.)
"D:\Programfiler\vuze\Azureus.exe" = D:\Programfiler\vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Programfiler\steam\Steam.exe" = D:\Programfiler\steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Programfiler\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Programfiler\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()
"D:\Programfiler\Kalypso Media\Tropico 4\Tropico4.exe" = D:\Programfiler\Kalypso Media\Tropico 4\Tropico4.exe:*:Enabled:Tropico 4
"C:\Documents and Settings\N4bc4k3\Programdata\Spotify\spotify.exe" = C:\Documents and Settings\N4bc4k3\Programdata\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\All Users\Programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World -- (Electronic Arts)
"C:\Programfiler\Java\jre6\bin\javaw.exe" = C:\Programfiler\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Programfiler\vuze\Support\FIFA 11_code.exe" = D:\Programfiler\vuze\Support\FIFA 11_code.exe:*:Enabled:ipsec -- (Electronic Arts)
"D:\Programfiler\vuze\Redistributable\vcredist_x86_en.exe" = D:\Programfiler\vuze\Redistributable\vcredist_x86_en.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" = C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ipsec -- (Safer-Networking Ltd.)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyhqxkw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyhqxkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mpboqb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mpboqb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winttkal.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winttkal.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winesqgu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winesqgu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tsjd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tsjd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqgkhbu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqgkhbu.exe:*:Enabled:ipsec
"C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" = C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe:*:Enabled:ipsec -- (Advanced Micro Devices, Inc.)
"C:\Programfiler\DAEMON Tools Lite\DTLite.exe" = C:\Programfiler\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec -- (DT Soft Ltd)
"C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe" = C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe:*:Enabled:ipsec -- (NVIDIA Corporation)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmsvcmj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmsvcmj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tbmnd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tbmnd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrokvv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrokvv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bkotj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bkotj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\waor.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\waor.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpiaqfs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpiaqfs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oxcdnb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oxcdnb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbrpute.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbrpute.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqdwl.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqdwl.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\xspwc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\xspwc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winecbfmm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winecbfmm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wxpebp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wxpebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwmavk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwmavk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winunrx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winunrx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\xmqklc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\xmqklc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winctqiqj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winctqiqj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkrth.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkrth.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windjdle.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windjdle.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\clvykn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\clvykn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ouwsgi.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ouwsgi.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winaiar.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winaiar.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winoice.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winoice.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pgtwp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pgtwp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmsvpt.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmsvpt.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlxbbn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlxbbn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsaxkpq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsaxkpq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cndc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cndc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmbms.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmbms.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincqxye.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincqxye.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winspqqa.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winspqqa.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsgvug.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsgvug.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincyolw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincyolw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlvwgj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlvwgj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winicxoju.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winicxoju.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windufx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windufx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincxdwmk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincxdwmk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tdanr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tdanr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winilnwwo.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winilnwwo.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winajlgr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winajlgr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnmlwp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnmlwp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ypfv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ypfv.exe:*:Enabled:ipsec
"C:\Programfiler\Adobe\Reader 10.0\Reader\Reader_sl.exe" = C:\Programfiler\Adobe\Reader 10.0\Reader\Reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\CTHELPER.EXE" = C:\WINDOWS\system32\CTHELPER.EXE:*:Enabled:ipsec -- (Creative Technology Ltd)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tvig.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tvig.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winydjwl.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winydjwl.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rpgux.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rpgux.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windqkkch.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windqkkch.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\dgipdm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\dgipdm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\srivdr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\srivdr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bugjkp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bugjkp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\podkl.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\podkl.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winswici.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winswici.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmynr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmynr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjmcwnn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjmcwnn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\vbew.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\vbew.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmlba.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmlba.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lfisu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lfisu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineuteu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineuteu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlpjsx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlpjsx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cjbd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cjbd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpauxf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpauxf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\spwp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\spwp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winadxq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winadxq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\figoe.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\figoe.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oacabx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oacabx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrunxfu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrunxfu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfccp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfccp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winuanahp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winuanahp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bpewsw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bpewsw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhxpwlg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhxpwlg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yslx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yslx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\btbd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\btbd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkdtfs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkdtfs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvxgwh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvxgwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnhdd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnhdd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvvysn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvvysn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winluawv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winluawv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfjdnti.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfjdnti.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqoegqq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqoegqq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windxhsac.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windxhsac.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winprydfb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winprydfb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkplmoj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkplmoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bvgemx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bvgemx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqfeq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqfeq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winaksk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winaksk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\uwles.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\uwles.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\noaq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\noaq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyble.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyble.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winofke.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winofke.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hwys.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hwys.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cgqqbg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cgqqbg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\coff.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\coff.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ohtqlg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ohtqlg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpftway.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpftway.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rntted.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rntted.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwbnwvb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwbnwvb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnmrxk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnmrxk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\jhpybh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\jhpybh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlrjjdh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlrjjdh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yyywgx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yyywgx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqdmtb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqdmtb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\dtmnpm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\dtmnpm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winofwqo.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winofwqo.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winflobgn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winflobgn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbgdin.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbgdin.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmljlm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmljlm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingklidp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingklidp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pvou.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pvou.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsnqdr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsnqdr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tibq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tibq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windxxij.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windxxij.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\usdcka.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\usdcka.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqwawm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqwawm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvjua.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvjua.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\kdcnss.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\kdcnss.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingvndm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingvndm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpyplq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpyplq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winchjbkc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winchjbkc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingdmee.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingdmee.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\staks.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\staks.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winixvm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winixvm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winecfoo.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winecfoo.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\nrgvm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\nrgvm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winifkcf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winifkcf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlnkgdp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlnkgdp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winakjgr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winakjgr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqyyftx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqyyftx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\jmsmr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\jmsmr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winokykb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winokykb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winykij.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winykij.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winonhi.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winonhi.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineuhgwc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineuhgwc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlvene.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlvene.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhlpiqm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhlpiqm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ipwbio.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ipwbio.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hsnyvg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hsnyvg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfhet.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfhet.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqfehtk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqfehtk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintvvm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintvvm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hndr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hndr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbfem.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbfem.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\gljw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\gljw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rpbk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rpbk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxplgkw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxplgkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineblf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineblf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqparr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqparr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbfeshh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbfeshh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cgaugs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cgaugs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cmftmj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cmftmj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mbhn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mbhn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlghvkt.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlghvkt.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnltep.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnltep.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pfhlmn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pfhlmn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\suoqe.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\suoqe.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkacc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkacc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyatr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyatr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnibubs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnibubs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ywbxom.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ywbxom.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pbvay.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pbvay.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winulusrr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winulusrr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wdaqu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wdaqu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlgkdw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlgkdw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlfdt.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winlfdt.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\simhcp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\simhcp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvojsfb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvojsfb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbann.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbann.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oxlw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oxlw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwyxcvv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwyxcvv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineckvh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineckvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\txnknk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\txnknk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\owqj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\owqj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqygxck.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqygxck.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wndaut.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wndaut.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winakiwi.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winakiwi.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pdoouu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pdoouu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winselody.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winselody.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windutt.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windutt.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ntoa.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ntoa.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhjsr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhjsr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwpoj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwpoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\awej.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\awej.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windwkiag.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windwkiag.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winldbl.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winldbl.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjncw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjncw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cqkohv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cqkohv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\iehbt.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\iehbt.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bxjxro.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bxjxro.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingfjr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingfjr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxupy.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxupy.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winixyd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winixyd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sbdc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sbdc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrfasv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrfasv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyupg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyupg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lacs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lacs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyilmj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winyilmj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkjndks.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winkjndks.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxodu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxodu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfnteps.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winfnteps.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winskbpng.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winskbpng.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ksufa.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ksufa.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxgfirb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxgfirb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmtjc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmtjc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintpwdkn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintpwdkn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ujvw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ujvw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjbeqck.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjbeqck.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lebm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lebm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winetkjkp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winetkjkp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sgfaia.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sgfaia.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winthol.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winthol.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqtxfc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqtxfc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yudojw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yudojw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxbcoae.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxbcoae.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrrfcn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrrfcn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sidd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sidd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qxeye.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qxeye.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwfbc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwfbc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\iehhc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\iehhc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pehov.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pehov.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnfdic.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnfdic.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrwjtb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrwjtb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnppf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnppf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\fkysp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\fkysp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\laweoh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\laweoh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winanqf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winanqf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qtoy.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qtoy.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bqhki.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bqhki.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmsek.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmsek.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rstr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rstr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpajs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpajs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsuqw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winsuqw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winckarmu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winckarmu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pppa.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pppa.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qqcg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qqcg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpcvy.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpcvy.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\vycx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\vycx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oqrv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oqrv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rybsd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rybsd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingwxech.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingwxech.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winftitmk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winftitmk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windqhp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windqhp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhthyj.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhthyj.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\syuf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\syuf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\whmf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\whmf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrwcrmb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winrwcrmb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmhxxtx.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmhxxtx.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yvcle.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yvcle.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\nenw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\nenw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincuihc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wincuihc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxaoe.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winxaoe.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winiihlp.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winiihlp.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintgqbrm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintgqbrm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintgjy.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintgjy.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oned.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oned.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ubrdng.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\ubrdng.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjxsgl.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winjxsgl.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winywvr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winywvr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwqiua.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winwqiua.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rltbh.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rltbh.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\fccw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\fccw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oyjvf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\oyjvf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hhrqqm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\hhrqqm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winilcd.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winilcd.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintoikdf.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wintoikdf.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wsoks.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wsoks.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineoqus.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineoqus.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winigum.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winigum.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineladg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wineladg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rpuuwn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\rpuuwn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\alhn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\alhn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhwgqpm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winhwgqpm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winaaoa.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winaaoa.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cbspy.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\cbspy.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpvrmm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winpvrmm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windfagm.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\windfagm.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winupitre.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winupitre.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmgmmb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmgmmb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\eniw.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\eniw.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winoievqu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winoievqu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\xljeb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\xljeb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnvnmi.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winnvnmi.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingshac.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\wingshac.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tnxl.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tnxl.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yienmu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yienmu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmgka.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmgka.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\dveb.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\dveb.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bwpoft.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\bwpoft.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\nagqn.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\nagqn.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqvabli.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqvabli.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lgwk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\lgwk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqvufv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqvufv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\refk.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\refk.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmqnu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winmqnu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\umisg.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\umisg.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\niboof.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\niboof.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tgkyll.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\tgkyll.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sduc.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\sduc.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mciitv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mciitv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbfox.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winbfox.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yqjv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\yqjv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\vobo.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\vobo.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\gtssfs.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\gtssfs.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqhwwom.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winqhwwom.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\uvkfv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\uvkfv.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qlhr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qlhr.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qmqq.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\qmqq.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\outmv.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\outmv.exe:*:Enabled:ipsec
"C:\Programfiler\Mozilla Firefox\firefox.exe" = C:\Programfiler\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winginu.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winginu.exe:*:Enabled:ipsec
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\fuutt.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\fuutt.exe:*:Enabled:ipsec
"D:\Programfiler\Emsisoft HiJackFree\a2hijackfree.exe" = D:\Programfiler\Emsisoft HiJackFree\a2hijackfree.exe:*:Enabled:ipsec -- (Emsi Software GmbH)
"C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvyjqr.exe" = C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\winvyjqr.exe:*:Enabled:ipsec -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30F00D74-F3A2-4512-8EAA-E14DA2F90434}" = Microsoft .NET Framework (Norwegian)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAC35F4-FF26-4123-9404-0B5B93DAB570}" = Microsoft .NET Framework 1.1 Norwegian Language Pack
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{82931CCC-65F4-5A50-57AD-AE6DF6B10929}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F23E786-61A7-4708-B7C2-1A41DFD79162}" = OpenOffice.org 3.3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F368FA7-2B3C-8207-A31F-0BEF463F4B6E}" = AMD Catalyst Install Manager
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3499A41-41EA-3567-977C-29E9E226A360}" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B00C01D2-2A74-4FB8-AD86-111C77F3CF7E}" = JamVOX
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cecadf9c-37e1-42d4-a3f8-d29c55be3e45}" = Nero 9 Essentials
"{CF7C2683-9FBE-4223-84E7-43FED4912CD5}" = Microsoft .NET Framework 2.0 Language Pack - NOR
"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agnitum Outpost Security Suite Pro_is1" = Outpost Security Suite Pro 7.5.1
"AudioCS" = Creative Audio Console
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"Emsisoft HiJackFree_is1" = Emsisoft HiJackFree 4.5
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.10
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"JamVOX USB Driver" = JamVOX USB Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versjon 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NOR" = Microsoft .NET Framework 2.0 Language Pack - NOR
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NOR Language Pack" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"Microsoft .NET Framework Full v1.0.3705 (1044)" = Microsoft .NET Framework (Norwegian) v1.0.3705
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SFBM" = SoundFont Bank Manager
"VLC media player" = VLC media player 2.0.0
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2012 2:43:58 PM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program iw4mp.exe, versjon 0.0.0.0, feilende modul iw4mp.exe,
versjon 0.0.0.0, feiladresse 0x00189c22.

Error - 4/19/2012 2:46:45 PM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program iw4mp.exe, versjon 0.0.0.0, feilende modul iw4mp.exe,
versjon 0.0.0.0, feiladresse 0x00189c14.

Error - 4/20/2012 10:45:24 AM | Computer Name = N4B-C4K3 | Source = Application Hang | ID = 1002
Description = Hengende program League of Legends.exe, versjon 1.0.0.138, hengende
modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.

Error - 4/20/2012 12:31:05 PM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program lolclient.exe, versjon 2.0.2.12610, feilende modul
adobe air.dll, versjon 3.1.0.4880, feiladresse 0x003d64a0.

Error - 4/21/2012 1:12:31 PM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program nfsw.exe, versjon 1.0.0.874, feilende modul unknown,
versjon 0.0.0.0, feiladresse 0x9001bd02.

Error - 4/27/2012 8:53:08 AM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program nfsw.exe, versjon 1.0.0.874, feilende modul nfsw.exe,
versjon 1.0.0.874, feiladresse 0x005a8c89.

Error - 4/27/2012 8:57:23 AM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program nfsw.exe, versjon 1.0.0.874, feilende modul nfsw.exe,
versjon 1.0.0.874, feiladresse 0x00501390.

Error - 5/1/2012 9:13:57 AM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program nfsw.exe, versjon 1.0.0.874, feilende modul msvcr90.dll,
versjon 9.0.30729.4148, feiladresse 0x0003aee8.

Error - 5/2/2012 12:39:14 PM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program nfsw.exe, versjon 1.0.0.893, feilende modul msvcr90.dll,
versjon 9.0.30729.4148, feiladresse 0x00024651.

Error - 5/2/2012 12:55:09 PM | Computer Name = N4B-C4K3 | Source = Application Error | ID = 1000
Description = Feilende program nfsw.exe, versjon 1.0.0.893, feilende modul nfsw.exe,
versjon 1.0.0.893, feiladresse 0x005a978a.

[ System Events ]
Error - 5/30/2012 3:34:44 PM | Computer Name = N4B-C4K3 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten Steam Client
Service skal kobles til.

Error - 5/30/2012 3:34:44 PM | Computer Name = N4B-C4K3 | Source = Service Control Manager | ID = 7000
Description = Tjenesten Steam Client Service kan ikke startes på grunn av følgende
feil: %%1053

Error - 6/1/2012 2:52:33 PM | Computer Name = N4B-C4K3 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.

Error - 6/1/2012 2:54:50 PM | Computer Name = N4B-C4K3 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.

Error - 6/1/2012 2:57:37 PM | Computer Name = N4B-C4K3 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.

Error - 6/1/2012 2:57:50 PM | Computer Name = N4B-C4K3 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.


< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if this will remove your problems.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqvpoq.sys -- (amsint32)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    [2012/06/23 00:38:19 | 000,103,140 | ---- | M] () -- C:\mwrwx.exe


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Temp\winvyjqr.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

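The DRV line the fix above targets is the one where OTL reports the driver image as "File not found" while the service is "Running": the scanner cannot see the file a loaded driver was started from, which is why that entry gets pulled out of a log full of otherwise ordinary vendor drivers. As an added illustration (not part of this thread, and not OTL's own code), the Python script below parses OTL's DRV lines, flags that mismatch, and compares two scan runs to report which flagged services survived a fix. The regular expressions are an assumption based on the line shapes quoted in this thread, and the sample lines are constructed from the logs posted here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Two line shapes OTL uses in its "Driver Services" section. The patterns are an
# assumption derived from the lines quoted in this thread, not OTL's documented format.
_DRV_FOUND = re.compile(
    r"^DRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"\[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\] --\s?"
    r"(?P<path>.*?)\s?-- \((?P<service>[^)]*)\)"
)
_DRV_MISSING = re.compile(
    r"^DRV - File not found "
    r"\[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\] --\s?"
    r"(?P<path>.*?)\s?-- \((?P<service>[^)]*)\)"
)


@dataclass
class Driver:
    service: str
    path: str                # empty when OTL printed no image path at all
    state: str               # Running / Stopped
    company: Optional[str]   # None when the file was missing or carried no company name
    file_found: bool


def parse_drv(line: str) -> Optional[Driver]:
    """Parse one OTL DRV line; return None for any other line type."""
    m = _DRV_MISSING.match(line)
    if m:
        return Driver(m["service"], m["path"].strip(), m["state"].strip(), None, False)
    m = _DRV_FOUND.match(line)
    if m:
        company = m["company"].strip() or None
        return Driver(m["service"], m["path"].strip(), m["state"].strip(), company, True)
    return None


def suspicious_drivers(log_lines: List[str]) -> List[Tuple[Driver, str, str]]:
    """Return (driver, severity, reason) for drivers that deserve a closer look.

    high: the service is Running but OTL could not find its image on disk, so the
          scanner cannot see the file a loaded driver was started from (the
          amsint32 / mqvpoq.sys entry in this thread).
    low:  a running driver with no company name; often a legitimate vendor
          utility, but worth confirming by hash before trusting it.
    """
    hits = []
    for line in log_lines:
        d = parse_drv(line)
        if d is None:
            continue
        if d.state == "Running" and not d.file_found:
            hits.append((d, "high", "service Running but driver image not found on disk"))
        elif d.state == "Running" and d.company is None:
            hits.append((d, "low", "running driver carries no company name"))
    return hits


def persisted_after_fix(before: List[str], after: List[str]) -> List[str]:
    """Service names flagged high in both runs: the fix did not remove them."""
    def flagged(lines: List[str]) -> set:
        return {d.service for d, sev, _ in suspicious_drivers(lines) if sev == "high"}
    return sorted(flagged(before) & flagged(after))


# Constructed sample: a handful of DRV lines copied from the logs in this thread.
RUN1 = [
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqvpoq.sys -- (amsint32)",
    r"DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)",
    r"DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)",
    r"DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)",
]
# The post-fix Quick Scan in this thread still lists the same amsint32 line.
RUN2 = list(RUN1)

if __name__ == "__main__":
    for d, sev, why in suspicious_drivers(RUN1):
        print(f"[{sev}] {d.service}: {why} ({d.path or 'no path'})")
    print("still present after fix:", persisted_after_fix(RUN1, RUN2))
```

Feeding the full "Driver Services" sections of consecutive OTL runs to `persisted_after_fix` gives a quick answer to the question this thread is really asking after the fix log: the registry key was reported deleted, the service could not be stopped, and the same entry reappears in the next scan.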

#3
nabcake

    Member

  • Topic Starter
  • Member
  • 14 posts
Thank you for responding to this thread.
I ran the custom fix; however, processes with randomly generated names still appear, and they all lead to a file with the same random name located in "C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Temp\".

Here is the custom fix log:

All processes killed
========== OTL ==========
Error: Unable to stop service amsint32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 deleted successfully.
File C:\WINDOWS\system32\drivers\mqvpoq.sys not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
C:\mwrwx.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfigurasjon
DNS Resolver-bufferen ble tømt.
C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Temp\winvyjqr.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6491773 bytes

User: N4bc4k3
->Temp folder emptied: 204525160 bytes
->Temporary Internet Files folder emptied: 2132525 bytes
->Java cache emptied: 391419 bytes
->FireFox cache emptied: 624338375 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 588 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 3188237 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10477250 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 813.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.52.0 log created on 06232012_164848

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And the OTL log, which was requested:

OTL logfile created on: 6/23/2012 4:57:43 PM - Run 2
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.88% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 29.29 Gb Total Space | 10.20 Gb Free Space | 34.81% Space Free | Partition Type: NTFS
Drive D: | 203.58 Gb Total Space | 22.16 Gb Free Space | 10.89% Space Free | Partition Type: NTFS
Drive E: | 2.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: N4B-C4K3 | User Name: N4bc4k3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 16:54:33 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Programfiler\steam\Steam.exe
PRC - [2012/06/23 00:54:39 | 000,670,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\OTL.exe
PRC - [2012/06/16 22:16:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programfiler\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/09 19:22:26 | 000,144,384 | ---- | M] (Nullsoft, Inc.) -- D:\Programfiler\Winamp\winampa.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/09 03:42:28 | 000,241,768 | ---- | M] (NVIDIA Corporation) -- C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 16:48:04 | 020,313,384 | ---- | M] () -- D:\Programfiler\steam\bin\libcef.dll
MOD - [2012/06/23 16:47:40 | 000,895,312 | ---- | M] () -- D:\Programfiler\steam\bin\chromehtml.dll
MOD - [2012/06/23 16:47:39 | 001,099,576 | ---- | M] () -- D:\Programfiler\steam\bin\avcodec-53.dll
MOD - [2012/06/23 16:47:39 | 000,190,776 | ---- | M] () -- D:\Programfiler\steam\bin\avformat-53.dll
MOD - [2012/06/23 16:47:39 | 000,123,192 | ---- | M] () -- D:\Programfiler\steam\bin\avutil-51.dll
MOD - [2012/06/16 22:16:54 | 002,042,848 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 15:54:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 11:35:42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:35:32 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 02:01:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/10 15:38:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 15:38:22 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/10 15:36:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 15:32:56 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 15:32:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/30 19:32:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_no_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011/12/30 19:32:51 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_no_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008/04/14 18:22:11 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 22:16:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 13:47:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/19 18:03:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/30 18:47:01 | 000,161,280 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\JamDRV.sys -- (JAMVOX_AA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JamWdm.sys -- (JAMVOX_01)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqvpoq.sys -- (amsint32)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/09 10:57:28 | 000,024,328 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2012/01/15 19:57:22 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/14 17:13:56 | 000,105,416 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jamvox.sys -- (JamVOXUSBAudioSrv)
DRV - [2011/11/10 05:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/10/17 19:40:22 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/15 15:22:28 | 000,284,632 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2011/06/15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/06/15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/06/15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/05/19 16:55:28 | 000,103,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2011/03/28 19:55:54 | 000,032,472 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2011/02/02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/03/18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/06 11:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/12 04:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/12 04:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/22 03:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programfiler\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2012/06/16 22:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2012/06/21 19:38:00 | 000,000,000 | ---D | M]

[2012/04/06 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Extensions
[2012/06/23 03:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\extensions
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2011/12/31 00:46:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programfiler\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/23 03:41:12 | 000,017,212 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\N4BC4K3\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\3V9GBB6I.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 22:16:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programfiler\mozilla firefox\components\browsercomps.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programfiler\mozilla firefox\plugins\npwachk.dll
[2012/06/16 22:16:52 | 000,002,252 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bing.xml
[2012/06/16 22:16:52 | 000,002,040 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programfiler\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programfiler\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programfiler\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/23 16:49:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programfiler\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] d:\Programfiler\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programfiler\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Programfiler\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - d:\Programfiler\Agnitum\Outpost Security Suite Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{184F38BC-3F79-4D10-AC91-2C8313224FB3}: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (d:\progra~1\agnitum\outpos~1\wl_hook.dll) - d:\Programfiler\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programfiler\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/30 02:29:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/06/10 01:03:18 | 000,000,181 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/06/10 01:03:18 | 000,000,319 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bddbb15c-3306-11e1-bba0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bddbb15c-3306-11e1-bba0-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 16:48:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 13:00:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\N4bc4k3\Siste
[2012/06/23 12:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/23 02:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Spybot - Search & Destroy
[2012/06/22 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Malwarebytes
[2012/06/22 19:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Malwarebytes' Anti-Malware
[2012/06/22 19:03:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/22 19:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes
[2012/06/21 19:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\McAfee
[2012/06/21 19:05:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft HiJackFree
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft Anti-Malware
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Anti-Malware
[2012/06/17 13:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Thief - Deadly Shadows
[2012/06/17 13:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Eidos
[2012/06/16 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 10
[2012/06/16 20:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search
[2012/06/10 01:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 11
[2012/06/10 01:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\EA Sports
[2012/06/10 01:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2012/06/05 20:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny mappe

========== Files - Modified Within 30 Days ==========

[2012/06/23 16:53:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/23 16:53:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/23 16:52:27 | 000,031,584 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 16:52:27 | 000,031,584 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 16:52:27 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 16:52:27 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 16:52:27 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/23 16:49:55 | 000,103,140 | ---- | M] () -- C:\mwrwx.exe
[2012/06/23 16:49:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/23 16:45:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/23 16:45:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/23 15:01:57 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.CDF
[2012/06/23 03:46:05 | 007,475,200 | ---- | M] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 03:46:05 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\rmslt.lst
[2012/06/23 02:15:52 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Spybot - Search & Destroy.lnk
[2012/06/23 00:08:27 | 000,000,102 | ---- | M] () -- C:\index.ini
[2012/06/22 19:03:14 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:17 | 000,436,824 | ---- | M] () -- C:\AnalysisLog.sr0
[2012/06/14 11:32:51 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 02:02:03 | 000,482,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 02:02:03 | 000,315,552 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2012/06/14 02:02:03 | 000,080,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 02:02:03 | 000,044,398 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2012/06/14 01:58:23 | 000,031,550 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/12 16:33:30 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/12 14:41:38 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Skype.lnk
[2012/06/10 01:03:18 | 000,000,181 | RHS- | M] () -- C:\autorun.inf
[2012/06/05 20:13:07 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/06/01 20:52:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2012/06/23 12:15:29 | 000,103,140 | ---- | C] () -- C:\mwrwx.exe
[2012/06/23 03:46:05 | 007,475,200 | ---- | C] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 03:46:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\rmslt.lst
[2012/06/23 02:15:52 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Spybot - Search & Destroy.lnk
[2012/06/22 19:03:13 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:09 | 000,436,824 | ---- | C] () -- C:\AnalysisLog.sr0
[2012/06/14 01:58:23 | 000,031,550 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/10 01:03:30 | 000,000,181 | RHS- | C] () -- C:\autorun.inf
[2012/04/20 19:52:23 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\lol.jpg
[2012/04/15 20:43:46 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\appletfile.props
[2012/04/02 00:35:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2012/04/02 00:31:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2012/02/16 18:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 22:58:43 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/02/10 21:26:34 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 01:05:23 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/12/31 01:05:23 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/12/31 01:05:23 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/12/31 01:05:23 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/12/31 01:05:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/12/30 19:00:18 | 000,001,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/12/30 04:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/30 04:13:30 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/12/30 04:13:29 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/30 04:13:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/12/30 03:03:31 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/12/30 03:02:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/12/30 03:02:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/12/30 03:02:29 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/12/30 03:02:28 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/12/30 03:02:28 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/12/30 02:41:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\fusioncache.dat
[2011/12/30 02:31:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 02:28:07 | 000,021,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/30 02:20:31 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/30 02:19:17 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 05:22:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\jamvoxdevice.dll
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== LOP Check ==========

[2011/12/30 03:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Agnitum
[2011/12/30 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Lite
[2011/12/30 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DriverGenius
[2011/12/30 18:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Easy Driver Pro
[2012/04/12 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2012/06/23 16:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PMB Files
[2012/03/02 21:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\VOX
[2011/12/30 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/11 21:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\.minecraft
[2011/12/30 03:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Agnitum
[2012/06/23 13:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Azureus
[2012/06/23 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\DAEMON Tools Lite
[2012/04/25 21:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\foobar2000
[2012/06/16 15:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\gtk-2.0
[2012/03/24 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Kalypso Media
[2012/06/10 01:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2011/12/30 21:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient
[2012/05/24 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient2
[2012/01/28 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\minecraft
[2012/04/12 20:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Need for Speed World
[2012/02/14 20:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\OpenOffice.org
[2012/04/15 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\PriceGong
[2012/05/15 23:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Spotify
[2012/02/01 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Unity
[2012/04/21 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\VOX
[2011/12/30 19:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Desktop Search
[2012/06/16 20:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search

========== Purity Check ==========



< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's use a bigger hammer.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Allow the installation of the Recovery Console.
  • When finished, it shall produce a log for you.
  • Please include C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

#5
nabcake

    Member

  • Topic Starter
  • Member
  • 14 posts
Those randomly named processes seem to have stopped appearing. c:\cmwrwx.exe was present, but I quarantined it, and it seems to be gone for good. Also, some Java/Windows C++ error that used to appear 1 min after every startup has stopped appearing, so far it looks good.

Thank you for your time. Usually I deal with malware myself, but that one just didn't want to give up.

Here is the requested ComboFix log:

ComboFix 12-06-23.05 - N4bc4k3 06/23/2012 17:14:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1321 [GMT 2:00]
Running from: c:\documents and settings\N4bc4k3\Skrivebord\ComboFix.exe
AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\N4bc4k3\Programdata\PriceGong
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\1.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\a.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\b.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\c.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\d.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\e.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\f.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\g.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\h.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\i.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\j.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\k.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\l.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\m.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\mru.xml
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\n.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\o.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\p.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\q.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\r.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\s.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\t.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\u.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\v.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\w.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\wlu.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\x.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\y.txt
c:\documents and settings\N4bc4k3\Programdata\PriceGong\Data\z.txt
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
D:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 15:22 . 2012-06-23 15:22 103140 --sh--r- C:\ikro.exe
2012-06-23 14:48 . 2012-06-23 14:48 -------- d-----w- C:\_OTL
2012-06-23 11:00 . 2012-06-23 11:00 -------- d--h--r- c:\documents and settings\N4bc4k3\Siste
2012-06-23 10:15 . 2012-06-23 14:49 103140 ----a-w- C:\mwrwx.exe
2012-06-23 01:46 . 2012-06-23 01:46 7475200 ----a-w- c:\windows\system32\rmslt.nt
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Malwarebytes
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2012-06-22 17:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 17:38 . 2012-06-21 17:37 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-21 17:37 . 2012-06-21 17:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-21 17:36 . 2012-06-21 17:36 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee
2012-06-21 17:27 . 2012-06-21 17:27 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-21 17:05 . 2012-06-21 17:15 -------- d-----w- c:\programfiler\Emsisoft HiJackFree
2012-06-21 16:54 . 2012-06-21 17:16 -------- d-----w- c:\programfiler\Emsisoft Anti-Malware
2012-06-16 18:32 . 2012-06-16 18:32 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Windows Search
2012-06-13 10:30 . 2012-05-13 11:01 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-09 23:12 . 2012-06-09 23:12 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Leadertech
2012-06-07 14:51 . 2012-06-16 20:16 770384 ----a-w- c:\programfiler\Mozilla Firefox\msvcr100.dll
2012-06-07 14:51 . 2012-06-16 20:16 421200 ----a-w- c:\programfiler\Mozilla Firefox\msvcp100.dll
2012-06-06 23:01 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-06-06 23:01 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-06-06 23:01 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-06-06 23:01 . 2008-04-14 15:22 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 17:37 . 2011-12-30 17:28 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 13:19 . 2011-12-30 00:46 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-30 00:46 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-30 00:46 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-30 00:46 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2011-12-30 00:46 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-30 00:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-30 00:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-12-30 00:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-30 00:46 23064 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-30 00:46 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-12-30 00:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-12-30 00:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-04-25 12:00 600064 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 11:47 . 2012-04-02 15:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 11:47 . 2011-12-30 12:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:09 . 2006-06-23 12:29 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2003-04-25 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 11:01 . 2003-04-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-13 11:01 . 2003-04-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 07:55 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2003-04-25 12:00 2194432 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:15 . 2002-09-09 14:07 2070912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-12-30 00:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 20:16 . 2012-04-06 12:03 85472 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\programfiler\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-07-13 19:22 287872 ----a-w- d:\programfiler\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programfiler\Steam\Steam.exe" [2012-06-23 1242448]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3592000]
"SpybotSD TeaTimer"="d:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 172032]
"ATICustomerCare"="c:\programfiler\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 393216]
"NVRaidService"="c:\programfiler\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 241768]
"WinampAgent"="d:\programfiler\Winamp\winampa.exe" [2011-12-09 144384]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="d:\programfiler\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2010-09-07 16:40 1976920 ------w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2009-12-28 16:49 195200 ----a-w- c:\programfiler\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3592000 ----a-w- c:\programfiler\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-10 22:24 214000 ----atw- c:\documents and settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- d:\programfiler\ITunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2010-09-07 16:40 43608 ------w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-07 12:18 2057608 ----a-w- c:\programfiler\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
2011-08-10 12:22 3138632 ----a-w- d:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2003-04-25 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2003-04-25 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17422984 ----a-r- c:\programfiler\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-03 13:18 9555632 ----a-w- c:\documents and settings\N4bc4k3\Programdata\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-03 13:17 932528 ----a-w- c:\documents and settings\N4bc4k3\Programdata\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"CTHelper"=CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programfiler\\vuze\\Azureus.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"d:\\Programfiler\\steam\\Steam.exe"=
"d:\\Programfiler\\steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\N4bc4k3\\Programdata\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Programfiler\\Winamp\\winamp.exe"=
"d:\\Programfiler\\vuze\\Support\\FIFA 11_code.exe"=
"d:\\Programfiler\\vuze\\Redistributable\\vcredist_x86_en.exe"=
"d:\\Programfiler\\Emsisoft HiJackFree\\a2hijackfree.exe"=
"c:\\WINDOWS\\system32\\CTHELPER.EXE"=
"c:\\Programfiler\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Programfiler\\NVIDIA Corporation\\Raid\\nvraidservice.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Programfiler\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"d:\\Programfiler\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Documents and Settings\\N4bc4k3\\Mine dokumenter\\Downloads\\OTL.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58455:TCP"= 58455:TCP:Pando Media Booster
"58455:UDP"= 58455:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2011 3:42 AM 764880]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [12/30/2011 3:03 AM 11448]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/15/2012 7:57 PM 239168]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/4/2012 12:36 PM 24328]
R2 MBAMService;MBAMService;d:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2012 7:03 PM 654408]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2011 3:41 AM 32472]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2011 3:42 AM 284632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/30/2011 6:36 PM 100368]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 9:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 9:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 9:39 PM 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2012 7:03 PM 22344]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys --> c:\windows\system32\DRIVERS\JamDRV.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 5:53 PM 257696]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [12/30/2011 3:42 AM 78656]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 9:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe [12/30/2011 6:47 PM 161280]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 9:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 9:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 9:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 9:39 PM 566360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/31/2011 1:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/31/2011 1:05 AM 8456]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys --> c:\windows\system32\DRIVERS\JamWdm.sys [?]
S3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys [12/14/2011 5:13 PM 105416]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programfiler\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 2:35 PM 113120]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [12/30/2011 3:42 AM 242040]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [12/30/2011 3:42 AM 84312]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1 192.168.10.1
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2564)
d:\programfiler\Agnitum\Outpost Security Suite Pro\op_shell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programfiler\Creative\Shared Files\CTAudSvc.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\FELLES~1\MICROS~1\DW\DW20.EXE
.
**************************************************************************
.
Completion time: 2012-06-23 17:27:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 15:27
.
Pre-Run: 10,701,979,648 byte ledig
Post-Run: 10,649,513,984 byte ledig
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - C060CD443830C4F84B177D406475258F
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Combofix managed to kill the driver which OTL was unable to do... A few more to kill now. Once this run is complete, can you let me know of any problems you are experiencing?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\ikro.exe
C:\mwrwx.exe


Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#7
nabcake

nabcake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok, I dragged the text file over ComboFix, and at first I got some error; I fixed that by downloading ComboFix once again.
The random-named process starts on startup, and something is changing my default browser.
I included a screenshot of the error as an attachment.
Here is the recent ComboFix log:

ComboFix 12-06-23.05 - N4bc4k3 06/23/2012 20:43:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1500 [GMT 2:00]
Running from: c:\documents and settings\N4bc4k3\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\N4bc4k3\Skrivebord\CFScript.txt
AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
FILE ::
"C:\ikro.exe"
"C:\mwrwx.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\awfl.pif
C:\okbfc.pif
D:\autorun.inf
D:\weye.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 18:51 . 2012-06-23 18:51 103140 --sh--r- C:\xgok.pif
2012-06-23 14:48 . 2012-06-23 14:48 -------- d-----w- C:\_OTL
2012-06-23 11:00 . 2012-06-23 18:22 -------- d--h--r- c:\documents and settings\N4bc4k3\Siste
2012-06-23 01:46 . 2012-06-23 01:46 7475200 ----a-w- c:\windows\system32\rmslt.nt
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Malwarebytes
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2012-06-22 17:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 17:38 . 2012-06-21 17:37 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-21 17:37 . 2012-06-21 17:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-21 17:36 . 2012-06-21 17:36 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee
2012-06-21 17:27 . 2012-06-21 17:27 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-21 17:05 . 2012-06-21 17:15 -------- d-----w- c:\programfiler\Emsisoft HiJackFree
2012-06-21 16:54 . 2012-06-21 17:16 -------- d-----w- c:\programfiler\Emsisoft Anti-Malware
2012-06-16 18:32 . 2012-06-16 18:32 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Windows Search
2012-06-13 10:30 . 2012-05-13 11:01 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-09 23:12 . 2012-06-09 23:12 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Leadertech
2012-06-07 14:51 . 2012-06-16 20:16 770384 ----a-w- c:\programfiler\Mozilla Firefox\msvcr100.dll
2012-06-07 14:51 . 2012-06-16 20:16 421200 ----a-w- c:\programfiler\Mozilla Firefox\msvcp100.dll
2012-06-06 23:01 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-06-06 23:01 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-06-06 23:01 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-06-06 23:01 . 2008-04-14 15:22 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 18:52 . 2012-06-23 18:52 103140 --sh--r- C:\ppbjj.exe
2012-06-21 17:37 . 2011-12-30 17:28 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 13:19 . 2011-12-30 00:46 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-30 00:46 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-30 00:46 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-30 00:46 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2011-12-30 00:46 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-30 00:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-30 00:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-12-30 00:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-30 00:46 23064 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-30 00:46 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-12-30 00:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-12-30 00:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-04-25 12:00 600064 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 11:47 . 2012-04-02 15:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 11:47 . 2011-12-30 12:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:09 . 2006-06-23 12:29 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2003-04-25 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 11:01 . 2003-04-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-13 11:01 . 2003-04-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 07:55 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2003-04-25 12:00 2194432 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:15 . 2002-09-09 14:07 2070912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-12-30 00:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 20:16 . 2012-04-06 12:03 85472 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_15.22.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-23 18:50 . 2012-06-23 18:50 16384 c:\windows\Temp\Perflib_Perfdata_674.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\programfiler\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-07-13 19:22 287872 ----a-w- d:\programfiler\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programfiler\Steam\Steam.exe" [2012-06-23 1324368]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3592000]
"SpybotSD TeaTimer"="d:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 172032]
"ATICustomerCare"="c:\programfiler\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 393216]
"NVRaidService"="c:\programfiler\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 241768]
"WinampAgent"="d:\programfiler\Winamp\winampa.exe" [2011-12-09 144384]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="d:\programfiler\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2010-09-07 16:40 1976920 ------w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2009-12-28 16:49 195200 ----a-w- c:\programfiler\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3592000 ----a-w- c:\programfiler\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-10 22:24 214000 ----atw- c:\documents and settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- d:\programfiler\ITunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2010-09-07 16:40 43608 ------w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-07 12:18 2057608 ----a-w- c:\programfiler\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
2011-08-10 12:22 3138632 ----a-w- d:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2003-04-25 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2003-04-25 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17422984 ----a-r- c:\programfiler\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-03 13:18 9555632 ----a-w- c:\documents and settings\N4bc4k3\Programdata\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-03 13:17 932528 ----a-w- c:\documents and settings\N4bc4k3\Programdata\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"CTHelper"=CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programfiler\\vuze\\Azureus.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"d:\\Programfiler\\steam\\Steam.exe"=
"d:\\Programfiler\\steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\N4bc4k3\\Programdata\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Programfiler\\Winamp\\winamp.exe"=
"d:\\Programfiler\\vuze\\Support\\FIFA 11_code.exe"=
"d:\\Programfiler\\vuze\\Redistributable\\vcredist_x86_en.exe"=
"d:\\Programfiler\\Emsisoft HiJackFree\\a2hijackfree.exe"=
"c:\\WINDOWS\\system32\\CTHELPER.EXE"=
"c:\\Programfiler\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Programfiler\\NVIDIA Corporation\\Raid\\nvraidservice.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Programfiler\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"d:\\Programfiler\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Documents and Settings\\N4bc4k3\\Mine dokumenter\\Downloads\\OTL.exe"=
"c:\\DOCUME~1\\N4bc4k3\\LOKALE~1\\Temp\\winijqy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58455:TCP"= 58455:TCP:Pando Media Booster
"58455:UDP"= 58455:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2011 3:42 AM 764880]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [12/30/2011 3:03 AM 11448]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/15/2012 7:57 PM 239168]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/4/2012 12:36 PM 24328]
R2 MBAMService;MBAMService;d:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2012 7:03 PM 654408]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2011 3:41 AM 32472]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2011 3:42 AM 284632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/30/2011 6:36 PM 100368]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 9:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 9:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 9:39 PM 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2012 7:03 PM 22344]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys --> c:\windows\system32\DRIVERS\JamDRV.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 5:53 PM 257696]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [12/30/2011 3:42 AM 78656]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 9:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe [12/30/2011 6:47 PM 161280]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 9:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 9:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 9:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 9:39 PM 566360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/31/2011 1:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/31/2011 1:05 AM 8456]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys --> c:\windows\system32\DRIVERS\JamWdm.sys [?]
S3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys [12/14/2011 5:13 PM 105416]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programfiler\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 2:35 PM 113120]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [12/30/2011 3:42 AM 242040]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [12/30/2011 3:42 AM 84312]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1 192.168.10.1
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2976)
d:\programfiler\Agnitum\Outpost Security Suite Pro\op_shell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programfiler\Creative\Shared Files\CTAudSvc.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\docume~1\N4bc4k3\LOKALE~1\Temp\winijqy.exe
.
**************************************************************************
.
Completion time: 2012-06-23 20:55:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 18:55
ComboFix2.txt 2012-06-23 18:38
ComboFix3.txt 2012-06-23 15:27
.
Pre-Run: 10,885,718,016 byte ledig
Post-Run: 10,797,989,888 byte ledig
.
- - End Of File - - D1BC33BEDA8455CC451415FAF77D7F61

Attached Files


  • 0
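The two ComboFix logs above are what the responder reads to find where the infection is starting from. As an added example that is not part of this thread or of ComboFix, here is a small Python triage script that parses a ComboFix-style excerpt (the sample lines are copied from the logs above) and flags the indicators a defender looks for in a case like this: freshly created hidden+system files dropped in the drive root, Security Center override values set to 1, the firewall and LUA/UAC switched off, and an executable under a user Temp folder that is both allowed through the firewall and running. The meaning of the attribute letters (s = system, h = hidden in ComboFix's eight-character field) is assumed from the log's own entries, and the finding names are my own.

```python
"""Triage a ComboFix-style log excerpt for the indicators seen in this thread.

Added example, not part of ComboFix or of the forum thread.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the ComboFix logs posted above.
SAMPLE_LOG = r"""
2012-06-23 18:51 . 2012-06-23 18:51 103140 --sh--r- C:\xgok.pif
2012-06-23 18:52 . 2012-06-23 18:52 103140 --sh--r- C:\ppbjj.exe
2012-06-22 17:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\DOCUME~1\\N4bc4k3\\LOKALE~1\\Temp\\winijqy.exe"=
------------------------ Other Running Processes ------------------------
c:\windows\system32\Ati2evxx.exe
c:\docume~1\N4bc4k3\LOKALE~1\Temp\winijqy.exe
"""

# "created . modified  size  attributes  path", as ComboFix prints file entries.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.(exe|pif|scr|com)$", re.IGNORECASE)

# Security Center values that, when set to 1, silence or override AV/firewall/update warnings.
SECURITY_CENTER_OVERRIDES = {
    "antivirusoverride", "firewalloverride", "antivirusdisablenotify",
    "firewalldisablenotify", "updatesdisablenotify", "uacdisablenotify",
}

Finding = Tuple[str, str]


def _reg_int(data: str) -> Optional[int]:
    """Parse the two integer encodings in the log: 'dword:00000001' and '0 (0x0)'."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    try:
        return int(data.split()[0])
    except (ValueError, IndexError):
        return None


def _is_drive_root(path: str) -> bool:
    """True for a file that sits directly under the drive letter (the root of C:, D:, ...)."""
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None


def _in_temp_dir(path: str) -> bool:
    """True when the path passes through a Temp folder; registry paths double their backslashes."""
    return "\\temp\\" in path.lower().replace("\\\\", "\\")


def triage(log_text: str) -> List[Finding]:
    """Return (finding_kind, detail) pairs for the suspicious entries in a log excerpt."""
    findings: List[Finding] = []
    current_key = ""  # last registry key header seen, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            # Assumption from the log's own entries: 's' = system, 'h' = hidden.
            # A hidden+system file dropped in the drive root is a classic dropper habit.
            if "s" in attr and "h" in attr and _is_drive_root(path):
                findings.append(("hidden_system_file_in_root", path))
            continue
        m = VALUE_RE.match(line)
        if m:
            name = m.group("name")
            lname, value = name.lower(), _reg_int(m.group("data").strip())
            if "security center" in current_key and lname in SECURITY_CENTER_OVERRIDES and value == 1:
                findings.append(("security_center_override", name))
            elif lname == "enablefirewall" and value == 0:
                findings.append(("firewall_disabled", current_key))
            elif lname == "enablelua" and value == 0:
                findings.append(("uac_disabled", current_key))
            elif current_key.endswith("authorizedapplications\\list") and _in_temp_dir(name):
                findings.append(("temp_exe_allowed_through_firewall", name))
            continue
        # Bare executable paths appear under "Other Running Processes".
        if PROCESS_RE.match(line) and _in_temp_dir(line):
            findings.append(("temp_exe_running", line))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:36} {detail}")
```

Run against the sample it reports eight findings, and the two Temp-folder hits point at the same file, which is exactly the kind of cross-reference between the firewall exception list and the running-process list that a manual read of a 500-line log tends to miss.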

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes I see that now

I would like you to run two programmes now which should help me track down where it is starting from

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning


THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#9
nabcake

    Member

  • Topic Starter
  • Member
  • 14 posts
Will do. Meanwhile I'll post some additional info that I didn't think of when creating this thread; maybe some of it will help:
* After infection, I got a notification about Windows Update (in the task bar), so I ran it to fix possible security holes. After the update, Windows Malicious Software Remover (think I got the name right) claimed that my PC is infected. I started a full system scan, which resulted in extremely unlikely results (it claimed that it found 2000+ infected objects, just on the C:/ drive), then a blue screen appeared and the PC restarted.
* Running Windows in safe mode doesn't work either; whenever I try, a blue screen appears before all components are even loaded.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that was not legitimate; probably gained from an infected website.
  • 0

#11
nabcake

    Member

  • Topic Starter
  • Member
  • 14 posts
OK, here is the GMER log. It took some time to finish the scan; I will upload the MBR log when it finishes.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-23 22:22:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 SAMSUNG_SP2514N rev.VF100-33
Running: gmer.exe; Driver: C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\pgldqpog.sys


---- System - GMER 1.0.15 ----

SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAllocateVirtualMemory [0xB9D1B270]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB9D1B180]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB9D191B0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB9D1B540]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB9D18B80]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xB9D19560]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB9D1A640]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB9D1A730]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB9D187B0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB9D19480]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xB9D1A480]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xB9D1BB70]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xB9D19720]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xB9D1A1F0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateKey [0xB9D197E0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateValueKey [0xB9D198C0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwFsControlFile [0xB9D18A90]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB9D29C20]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadKey [0xB9D19EB0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadKey2 [0xB9D19F80]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB9D193C0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB9D19010]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB9D19650]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xB9D1AA20]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB9D18880]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xB9D1A920]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB9D1B440]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB9D199A0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB9D19A80]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB9D1B0B0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB9D1A120]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB9D19C40]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB9D1B810]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB9D1B8E0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB9D1A050]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB9D19D10]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB9D19DE0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB9D1B630]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB9D1AFC0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSecurityObject [0xB9D1BC60]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB9D1A2D0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xB9D19B60]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB9D1ADE0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB9D1AED0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB9D1BA90]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xB9D1AB20]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB9D1ACA0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB9D1A3C0]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteFile [0xB9D18980]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB9D1B340]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2500 80501D10 12 Bytes [20, 9C, D2, B9, B0, 9E, D1, ...] {AND [EDX+EDX*8-0x2e614f47], BL; MOV ECX, 0xb9d19f80}
.text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501F80 12 Bytes [E0, AD, D1, B9, D0, AE, D1, ...]
? Combo-Fix.sys Systemet finner ikke angitt fil. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB83CF000, 0x2C28EE, 0xE8000020]
? C:\WINDOWS\system32\drivers\mqvpoq.sys Systemet finner ikke angitt fil. !
? C:\ComboFix\catchme.sys Systemet finner ikke angitt bane. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systemet finner ikke angitt fil. !

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\amsint32 \Device\amsint32 mqvpoq.sys
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- EOF - GMER 1.0.15 ----
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Working on a fix now, but I will wait to see what additional data aswMBR reveals.
  • 0

#13
nabcake

    Member

  • Topic Starter
  • Member
  • 14 posts
Is aswMBR supposed to terminate without warning? I got the same problem with other Avast tools, getting stuck/terminating when they reach a certain folder.
Also, a DAT file was generated; I'll attach it.
Edit: .dat files are not allowed to be uploaded.
Anyway, I saved a log before the scan finished (it stood still for a couple of minutes, so I thought it had finished). Here it is:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 22:25:00
-----------------------------
22:25:00.109 OS Version: Windows 5.1.2600 Service Pack 3
22:25:00.109 Number of processors: 1 586 0x4F02
22:25:00.109 ComputerName: N4B-C4K3 UserName: N4bc4k3
22:25:00.437 Initialize success
22:27:25.734 AVAST engine defs: 12062301
22:28:15.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
22:28:15.484 Disk 0 Vendor: SAMSUNG_SP2514N VF100-33 Size: 238475MB BusType: 3
22:28:15.500 Disk 0 MBR read successfully
22:28:15.500 Disk 0 MBR scan
22:28:15.562 Disk 0 Windows XP default MBR code
22:28:15.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
22:28:15.562 Disk 0 Partition - 00 0F Extended LBA 208468 MB offset 61432560
22:28:15.609 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 208468 MB offset 61432623
22:28:15.609 Disk 0 scanning sectors +488376000
22:28:15.703 Disk 0 scanning C:\WINDOWS\system32\drivers
22:28:36.000 Service scanning
22:28:39.703 Service Creative Audio Engine Licensing Service C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe **INFECTED** Win32:Sality
22:28:49.625 Modules scanning
22:29:36.593 Disk 0 trace - called modules:
22:29:36.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:29:36.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6cdab8]
22:29:36.625 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8a6a2e98]
22:29:36.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a72a940]
22:29:36.812 AVAST engine scan C:\WINDOWS
22:30:00.500 AVAST engine scan C:\WINDOWS\system32
22:30:43.140 File: C:\WINDOWS\system32\CtHelper.exe **INFECTED** Win32:Sality
22:40:27.234 AVAST engine scan C:\WINDOWS\system32\drivers
22:41:19.015 AVAST engine scan C:\Documents and Settings\N4bc4k3
22:41:29.781 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe **INFECTED** Win32:Sality
22:42:23.296 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\GoogleUpdate.exe **INFECTED** Win32:Sality
22:42:32.234 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.56\chrome_updater.exe **INFECTED** Win32:Sality
22:42:32.437 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe **INFECTED** Win32:Sality
22:44:14.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\MBR.dat"
22:44:14.656 The log file has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.txt"
  • 0
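The two logs above (GMER in #11, aswMBR in #13) are what the helper reads to find where the infection is loading from. As an added example that is not part of this thread and is not GMER's or AVAST's own code, the Python script below parses both formats and pulls out the points a helper acts on: SSDT hooks grouped by the driver that owns them, kernel-code entries whose backing file GMER could not open, device objects served by a module that has no vendor description and no readable file on disk, the MBR verdict, and every path aswMBR marked **INFECTED**. The sample text embedded in it is a constructed excerpt of the logs posted above; the regular expressions are written from those lines rather than from any published format specification, so treat the line patterns as an assumption.

```python
"""Triage of GMER and aswMBR logs. Added example, not GMER's or AVAST's code;
the line patterns below are inferred from the logs in this thread (assumption)."""
import json
import re
from collections import Counter, defaultdict

# Constructed excerpt of the GMER log from post #11 (same line formats).
GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB9D18B80]
SSDT SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB9D29C20]
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Systemet finner ikke angitt fil. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB83CF000, 0x2C28EE, 0xE8000020]
? C:\WINDOWS\system32\drivers\mqvpoq.sys Systemet finner ikke angitt fil. !
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\amsint32 \Device\amsint32 mqvpoq.sys
"""

# Constructed excerpt of the aswMBR log from post #13.
ASWMBR_SAMPLE = r"""
22:28:15.500 Disk 0 MBR read successfully
22:28:15.562 Disk 0 Windows XP default MBR code
22:28:39.703 Service Creative Audio Engine Licensing Service C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe **INFECTED** Win32:Sality
22:30:43.140 File: C:\WINDOWS\system32\CtHelper.exe **INFECTED** Win32:Sality
22:42:32.437 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe **INFECTED** Win32:Sality
"""

# GMER: "SSDT <module> (<description/vendor>) <ZwFunction> [<address>]"
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?:\((?P<vendor>[^)]*)\)\s+)?"
                     r"(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
# GMER: "? <path> <OS error text> !"  (the error text here is Norwegian: file not found)
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.*?)\s*!$")
# GMER: "Device <driver object> <device object> <module> [(<description/vendor>)]"
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
                       r"(?:\s+\((?P<vendor>[^)]*)\))?")
# aswMBR: any "<drive>:\<path> **INFECTED** <detection>" fragment (paths may contain spaces)
INFECTED_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)")
# aswMBR: "<time> Disk <n> <verdict> MBR code"
MBR_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+Disk\s+(?P<disk>\d+)\s+(?P<verdict>.*MBR code.*)$")


def parse_gmer(text):
    """Return SSDT hooks per module, files GMER could not open, and device owners."""
    hooks = defaultdict(lambda: {"vendor": None, "functions": []})
    missing, devices = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            entry = hooks[m["module"]]
            entry["vendor"] = entry["vendor"] or m["vendor"]
            entry["functions"].append(m["func"])
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"])
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.append({"driver": m["driver"], "device": m["device"],
                            "module": m["module"], "vendor": m["vendor"]})
    return {"ssdt_hooks": dict(hooks), "missing_files": missing, "devices": devices}


def parse_aswmbr(text):
    """Return the MBR verdict per disk and every path flagged **INFECTED**."""
    mbr, infected = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = MBR_RE.match(line)
        if m:
            mbr[int(m["disk"])] = m["verdict"]
            continue
        m = INFECTED_RE.search(line)
        if m:
            infected.append({"path": m["path"], "detection": m["name"]})
    return {"mbr": mbr, "infected": infected}


def triage(gmer_text, aswmbr_text):
    """Combine both logs into the findings a helper would act on."""
    g, a = parse_gmer(gmer_text), parse_aswmbr(aswmbr_text)
    # A device served by a module with no vendor description whose file GMER
    # could not read from disk is the hidden-driver pattern worth a closer look.
    missing_names = {p.rsplit("\\", 1)[-1].lower() for p in g["missing_files"]}
    suspicious = [d for d in g["devices"]
                  if d["vendor"] is None and d["module"].lower() in missing_names]
    return {
        "ssdt_hooks": g["ssdt_hooks"],
        "unattributed_hooks": [mod for mod, i in g["ssdt_hooks"].items() if i["vendor"] is None],
        "missing_files": g["missing_files"],
        "suspicious_devices": suspicious,
        "mbr": a["mbr"],
        "infected_files": [i["path"] for i in a["infected"]],
        "detections": dict(Counter(i["detection"] for i in a["infected"])),
    }


if __name__ == "__main__":
    print(json.dumps(triage(GMER_SAMPLE, ASWMBR_SAMPLE), indent=2))
```

Run against the full logs (pass the file contents instead of the embedded samples) it reports that every SSDT hook belongs to the Agnitum sandbox driver, that the unattributed device `\Driver\amsint32` is served by `mqvpoq.sys`, a file GMER could not open, that the MBR code is the stock Windows XP loader, and that all aswMBR hits carry the same detection name, which is the picture the helper draws in the following posts.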

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Darn, I thought so: Sality.

This is a file infector and I cannot guarantee that the system will work properly when I have finished the removal.
It may work perfectly well, but it may damage some system files.

So before we start please back up any important files, but no exe, com, bat extension files.

Download the Sality Killer zip to your desktop and extract SalityKiller.exe.

Run the utility SalityKiller.exe on the infected computer.
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip.
Unpack the file Sality_RegKeys.zip.
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip.

Once the scan is over, from the archive Sality_RegKeys.zip run the registry key file:

Under Windows XP run the registry file SafeBootWinXP.reg.


THEN

Delete your current copy of ComboFix and download a fresh one, then run it.
  • 0

#15
nabcake

    Member

  • Topic Starter
  • Member
  • 14 posts
The link to Sality Killer is blocked. Are there any other links, or do I have to get it through a flash drive?
  • 0
