View Full Version : System Antivirus problem
JF Pedersen
2008-10-02, 20:50
Hi.
I would be greatful for assistance to remove Anti Virus 2008. I have run the latest Spybot both in normal and secure mode without success.
Many Thanks!
Jan
My log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:01, on 02.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\SAV\sav.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe
C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\video1162.cfg.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\AntSwitch.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\NORMAN\bin\zanda.exe
C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\b.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Programfiler\SAV\sav.exe
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\video1162.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Programfiler\SAV\sav.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\zanda.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 12351 bytes
Hi JF Pedersen
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Post:
- mbam log
- rsit logs (taken after mbam run)
JF Pedersen
2008-10-03, 18:25
Hi, and thanks for responding to my problem!
Here are the logs, hope it was OK that I did this in "safe mode"
Regards
Jan
info.txt logfile of random's system information tool 1.04 2008-10-03 17:19:55
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132
C:\WINDOWS\INF\PCHealth.inf
3CX VoIP Client-->MsiExec.exe /I{39DF0B7C-6BAE-47CE-9513-78E75843D6C1}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE
C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player
ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player
Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe
/I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE
C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe
/I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Azureus Vuze-->C:\Programfiler\Azureus\uninstall.exe
Belkin 11Mbps Wireless Notebook Network Adapter-->RunDll32
C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup
"C:\Programfiler\InstallShield Installation
Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\CA\eTrust
Antivirus\Uninst.isu" -c"C:\Programfiler\CA\eTrust Antivirus\InoSetup.dll"
devolo dLAN Configuration Wizard-->C:\Programfiler\devolo\setup.exe
/remove:dlanconf
devolo EasyClean-->C:\Programfiler\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Programfiler\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Programfiler\devolo\setup.exe /remove:dslmon
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free RAR Extract Frog 1.00-->C:\Programfiler\Free RAR Extract Frog\uninstall.exe
Fujitsu Hotkey Utility-->RunDll32
C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup
"C:\Programfiler\InstallShield Installation
Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
Fujitsu Siemens Computers Bluetooth Software-->MsiExec.exe
/X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe
/X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin City Navigator North America NT 2008 Update-->MsiExec.exe
/X{96AF271A-43B5-4615-8D00-26B45EE58FC8}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe
/I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s
"c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe"
/uninstall
Hurtigreparasjon for Windows Internet Explorer 7
(KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP
(KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE
C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD-->"C:\Programfiler\InstallShield Installation
Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe
/I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe
/I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lifebook Application Panel-->RunDll32
C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup
"C:\Programfiler\InstallShield Installation
Information\{44065383-B953-11D6-B1DF-00000E5F1C10}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes'
Anti-Malware\unins000.exe"
Microsoft .NET Framework (Norwegian)
v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET
Framework Full v1.0.3705 (1044)
Microsoft .NET Framework 1.0 Hotfix
(KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe"
"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671044\M9283671044Unin
stall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe
/I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Programfiler\Microsoft
ActiveSync\DeIsL1.isu" -c"C:\Programfiler\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe
C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation
APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.ex
e"
Microsoft National Language Support Downlevel
APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.
exe"
Microsoft Office XP Professional-->MsiExec.exe
/I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.1)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programfiler\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oppdatering for Windows XP
(KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP
(KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Pylon Anywhere PC Software-->MsiExec.exe /X{BCDDB9D5-8818-420A-B276-5A140639019E}
Påloggingsassistent for Windows Live-->MsiExec.exe
/I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0
Sikkerhetsoppdatering for Windows Internet Explorer 7
(KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7
(KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7
(KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7
(KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7
(KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7
(KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10
(KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10
(KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10
(KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP
(KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson MMS Home Studio-->MsiExec.exe
/X{7828342A-B269-4387-9A2B-84AF300F0983}
Spybot - Search & Destroy 1.3-->"C:\Programfiler\Spybot - Search &
Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search &
Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe
"C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri-->MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail-->MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer-->MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media
Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe"
/Uninstall
Windows XP Service Pack
3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norman Virus Control ver. 5.80 (outdated)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\
CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.28
Database versjon: 1225
Windows 5.1.2600 Service Pack 3
03.10.2008 17:17:59
mbam-log-2008-10-03 (17-17-59).txt
Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 118910
Tid tilbakelagt: 37 minute(s), 44 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 9
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\Programfiler\SAV\SAV.exe (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Programfiler\SAV\SAV.cpl (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Programfiler\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Programfiler\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Programfiler\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temp\video1162.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temp\video207.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
You posted only info.txt
Please post also log.txt :)
JF Pedersen
2008-10-03, 19:34
Sorry about that...
Again, thanks for your assistance.
Regards
Jan
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jan Frode Pedersen at 2008-10-03 17:19:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (37%) free of 40 GB
Total RAM: 502 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:52, on 03.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\D0C66E23\RSIT[1].exe
C:\Programfiler\Trend Micro\HijackThis\Jan Frode Pedersen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\zanda.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 10862 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-20 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe [2002-08-27 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-24 88363]
"LtMoh"=C:\Programfiler\ltmoh\Ltmoh.exe [2003-09-06 184320]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Norman ZANDA"=C:\NORMAN\bin\ZLH.EXE [2006-05-31 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe []
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SNM"=C:\Programfiler\SpyNoMore\SNM.exe /startup []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"3CXPhone"=C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe [2008-04-15 2759680]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE
Pylon Anywhere Client.lnk - C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"="C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe"="C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe:*:Enabled:ClientShell - Client"
"C:\Programfiler\LeechFTP\Leechftp.exe"="C:\Programfiler\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Azureus\Azureus.exe"="C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"="C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe:*:Enabled:3CX VoIP Client Application"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programfiler\devolo\informer\devinf.exe"="C:\Programfiler\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programfiler\devolo\easyshare\easyshare.exe"="C:\Programfiler\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-10-03 17:19:40 ----D---- C:\rsit
2008-10-03 16:33:26 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Malwarebytes
2008-10-03 16:33:22 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-03 16:33:22 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-02 19:38:55 ----D---- C:\Programfiler\Trend Micro
2008-10-02 17:59:31 ----A---- C:\WINDOWS\SoundCon.INI
2008-10-02 17:59:31 ----A---- C:\WINDOWS\fwupgrade.ini
2008-10-02 17:59:31 ----A---- C:\WINDOWS\Disktool.INI
2008-10-01 21:10:03 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-10-01 19:41:44 ----D---- C:\Programfiler\SAV
2008-09-25 21:27:01 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-25 18:18:42 ----D---- C:\Programfiler\Apple Software Update
2008-09-25 18:16:36 ----D---- C:\Programfiler\iPod
2008-09-25 18:16:19 ----D---- C:\Programfiler\iTunes
2008-09-25 18:16:19 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 18:13:10 ----D---- C:\Programfiler\QuickTime
2008-09-25 18:05:49 ----D---- C:\Programfiler\Bonjour
2008-09-25 18:05:46 ----SHD---- C:\Config.Msi
2008-09-20 16:55:20 ----D---- C:\arkiv
2008-09-20 16:43:40 ----D---- C:\Programfiler\Free RAR Extract Frog
2008-09-11 16:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 1 months======
2008-10-03 17:17:59 ----D---- C:\WINDOWS\system32
2008-10-03 16:33:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-03 16:33:22 ----RD---- C:\Programfiler
2008-10-03 07:19:55 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 07:18:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-03 07:10:31 ----D---- C:\WINDOWS\Prefetch
2008-10-03 07:10:13 ----D---- C:\WINDOWS\Temp
2008-10-02 22:14:45 ----D---- C:\Programfiler\3CX VoIP Client
2008-10-02 22:13:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 19:32:30 ----D---- C:\WINDOWS
2008-10-02 18:51:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 18:50:44 ----D---- C:\Programfiler\IDAutomation.com Code 39 Font Advantage Package DEMO
2008-10-02 18:50:02 ----D---- C:\WINDOWS\system32\MAGIX
2008-10-02 18:49:23 ----HD---- C:\WINDOWS\inf
2008-10-02 18:47:59 ----D---- C:\MAGIX
2008-10-02 18:08:25 ----D---- C:\Programfiler\Mozilla Firefox
2008-10-02 16:15:35 ----A---- C:\WINDOWS\imsins.BAK
2008-10-01 23:02:38 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-01 22:19:41 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-10-01 20:56:24 ----D---- C:\WINDOWS\Minidump
2008-10-01 19:44:50 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Azureus
2008-10-01 17:01:11 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Skype
2008-09-28 14:37:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-25 18:18:48 ----SHD---- C:\WINDOWS\Installer
2008-09-25 18:18:44 ----SD---- C:\WINDOWS\Tasks
2008-09-25 18:17:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 18:13:31 ----D---- C:\Programfiler\Fellesfiler\Apple
2008-09-17 17:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 16:53:34 ----D---- C:\WINDOWS\Help
2008-09-11 16:37:33 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6-protokolldriver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-11-21 113152]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 tunmp;Microsoft Tun Miniport-kortdriver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-23 28160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
S2 BtnHnd;BtnHnd; \??\C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.sys []
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
S2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
S2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2007-02-07 35840]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
S2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-16 63232]
S2 NwlnkSpx;NWLink SPX/SPXII-protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-16 55936]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-24 1197740]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-04-02 30235]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-04-02 147864]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
S3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Driver for Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;NSC infrarød enhetsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter; C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys [2002-08-29 72832]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-16 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SMCIRDA;SMC IrCC-miniportenhetsdriver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-06 35913]
S3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-03-02 210992]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 3CXVoIPClientTunnel;3CX VoIP Client Tunnel; C:\Programfiler\3CX VoIP Client\3CXTunnel.exe [2008-04-14 970752]
S2 6to4;IPv6-hjelpetjeneste; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
S2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 btwdins;Bluetooth Service; C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
S2 InoRPC;eTrust Antivirus RPC Server; C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
S2 InoRT;eTrust Antivirus Realtime Server; C:\Programfiler\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
S2 InoTask;eTrust Antivirus Job Server; C:\Programfiler\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
S2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 LogWatch;Event Log Watch; C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
S2 Norman ZANDA;Norman ZANDA; C:\NORMAN\bin\zanda.exe [2005-09-06 176128]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CA_LIC_CLNT;CA License Client; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 NipSvc;Norman API-hooking helper; C:\NORMAN\Nvc\BIN\nipsvc.exe []
S3 Norman NJeeves;Norman NJeeves; C:\NORMAN\bin\NJEEVES.EXE [2005-01-12 143360]
S3 UPnPService;UPnPService; C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
You are running RSIT from temp folder:
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\D0C66E23\RSIT[1].exe
Save it first to Desktop.
After that:
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
Azureus Vuze
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete this folder:
C:\Programfiler\Azureus
Delete info.txt in C:\rsit folder (if any)
Please run a new RSIT scan when finished and post logs back here.
JF Pedersen
2008-10-03, 21:24
OK, here we go...
Regards
Jan
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jan Frode Pedersen at 2008-10-03 20:22:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (37%) free of 40 GB
Total RAM: 502 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:45, on 03.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\NORMAN\bin\zanda.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\AntSwitch.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Jan Frode Pedersen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\zanda.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 12136 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-20 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe [2002-08-27 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-24 88363]
"LtMoh"=C:\Programfiler\ltmoh\Ltmoh.exe [2003-09-06 184320]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Norman ZANDA"=C:\NORMAN\bin\ZLH.EXE [2006-05-31 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe []
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SNM"=C:\Programfiler\SpyNoMore\SNM.exe /startup []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"3CXPhone"=C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe [2008-04-15 2759680]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE
Pylon Anywhere Client.lnk - C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"="C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe"="C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe:*:Enabled:ClientShell - Client"
"C:\Programfiler\LeechFTP\Leechftp.exe"="C:\Programfiler\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Azureus\Azureus.exe"="C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"="C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe:*:Enabled:3CX VoIP Client Application"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programfiler\devolo\informer\devinf.exe"="C:\Programfiler\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programfiler\devolo\easyshare\easyshare.exe"="C:\Programfiler\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-10-03 17:19:40 ----D---- C:\rsit
2008-10-03 16:33:26 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Malwarebytes
2008-10-03 16:33:22 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-03 16:33:22 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-02 19:38:55 ----D---- C:\Programfiler\Trend Micro
2008-10-02 17:59:31 ----A---- C:\WINDOWS\SoundCon.INI
2008-10-02 17:59:31 ----A---- C:\WINDOWS\fwupgrade.ini
2008-10-02 17:59:31 ----A---- C:\WINDOWS\Disktool.INI
2008-10-01 21:10:03 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-10-01 19:41:44 ----D---- C:\Programfiler\SAV
2008-09-25 21:27:01 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-25 18:18:42 ----D---- C:\Programfiler\Apple Software Update
2008-09-25 18:16:36 ----D---- C:\Programfiler\iPod
2008-09-25 18:16:19 ----D---- C:\Programfiler\iTunes
2008-09-25 18:16:19 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 18:13:10 ----D---- C:\Programfiler\QuickTime
2008-09-25 18:05:49 ----D---- C:\Programfiler\Bonjour
2008-09-25 18:05:46 ----SHD---- C:\Config.Msi
2008-09-20 16:55:20 ----D---- C:\arkiv
2008-09-20 16:43:40 ----D---- C:\Programfiler\Free RAR Extract Frog
2008-09-11 16:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 1 months======
2008-10-03 20:18:42 ----D---- C:\WINDOWS\Prefetch
2008-10-03 20:16:51 ----D---- C:\Programfiler\Azureus
2008-10-03 18:35:29 ----D---- C:\WINDOWS\Temp
2008-10-03 18:23:58 ----D---- C:\Programfiler\3CX VoIP Client
2008-10-03 18:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 17:17:59 ----D---- C:\WINDOWS\system32
2008-10-03 16:33:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-03 16:33:22 ----RD---- C:\Programfiler
2008-10-03 07:18:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 22:13:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 19:32:30 ----D---- C:\WINDOWS
2008-10-02 18:51:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 18:50:44 ----D---- C:\Programfiler\IDAutomation.com Code 39 Font Advantage Package DEMO
2008-10-02 18:50:02 ----D---- C:\WINDOWS\system32\MAGIX
2008-10-02 18:49:23 ----HD---- C:\WINDOWS\inf
2008-10-02 18:47:59 ----D---- C:\MAGIX
2008-10-02 18:08:25 ----D---- C:\Programfiler\Mozilla Firefox
2008-10-02 16:15:35 ----A---- C:\WINDOWS\imsins.BAK
2008-10-01 23:02:38 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-01 22:19:41 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-10-01 20:56:24 ----D---- C:\WINDOWS\Minidump
2008-10-01 19:44:50 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Azureus
2008-10-01 17:01:11 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Skype
2008-09-28 14:37:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-25 18:18:48 ----SHD---- C:\WINDOWS\Installer
2008-09-25 18:18:44 ----SD---- C:\WINDOWS\Tasks
2008-09-25 18:17:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 18:13:31 ----D---- C:\Programfiler\Fellesfiler\Apple
2008-09-17 17:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 16:53:34 ----D---- C:\WINDOWS\Help
2008-09-11 16:37:33 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6-protokolldriver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 BtnHnd;BtnHnd; \??\C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-16 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-16 55936]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-24 1197740]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-11-21 113152]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-04-02 30235]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-16 5888]
R3 SMCIRDA;SMC IrCC-miniportenhetsdriver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-06 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-03-02 210992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 tunmp;Microsoft Tun Miniport-kortdriver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-23 28160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-04-02 147864]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Driver for Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;NSC infrarød enhetsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter; C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys [2002-08-29 72832]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 3CXVoIPClientTunnel;3CX VoIP Client Tunnel; C:\Programfiler\3CX VoIP Client\3CXTunnel.exe [2008-04-14 970752]
R2 6to4;IPv6-hjelpetjeneste; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Programfiler\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Programfiler\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LogWatch;Event Log Watch; C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 Norman ZANDA;Norman ZANDA; C:\NORMAN\bin\zanda.exe [2005-09-06 176128]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CA_LIC_CLNT;CA License Client; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NipSvc;Norman API-hooking helper; C:\NORMAN\Nvc\BIN\nipsvc.exe []
S3 Norman NJeeves;Norman NJeeves; C:\NORMAN\bin\NJEEVES.EXE [2005-01-12 143360]
S3 UPnPService;UPnPService; C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-03 20:22:47
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3CX VoIP Client-->MsiExec.exe /I{39DF0B7C-6BAE-47CE-9513-78E75843D6C1}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin 11Mbps Wireless Notebook Network Adapter-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programfiler\CA\eTrust Antivirus\InoSetup.dll"
devolo dLAN Configuration Wizard-->C:\Programfiler\devolo\setup.exe /remove:dlanconf
devolo EasyClean-->C:\Programfiler\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Programfiler\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Programfiler\devolo\setup.exe /remove:dslmon
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free RAR Extract Frog 1.00-->C:\Programfiler\Free RAR Extract Frog\uninstall.exe
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
Fujitsu Siemens Computers Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin City Navigator North America NT 2008 Update-->MsiExec.exe /X{96AF271A-43B5-4615-8D00-26B45EE58FC8}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD-->"C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lifebook Application Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{44065383-B953-11D6-B1DF-00000E5F1C10}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (Norwegian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1044)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671044\M9283671044Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Programfiler\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programfiler\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.1)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programfiler\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Pylon Anywhere PC Software-->MsiExec.exe /X{BCDDB9D5-8818-420A-B276-5A140639019E}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson MMS Home Studio-->MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Spybot - Search & Destroy 1.3-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri-->MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail-->MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer-->MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norman Virus Control ver. 5.80 (outdated)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Programfiler\Azureus
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
JF Pedersen
2008-10-03, 21:36
Coming up:
Regards
Jan
C:\Programfiler\Azureus\plugins\azupnpav moved successfully.
C:\Programfiler\Azureus\plugins\azemp moved successfully.
C:\Programfiler\Azureus\plugins moved successfully.
C:\Programfiler\Azureus moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10032008_203509
JF Pedersen
2008-10-03, 21:41
Hi
No, Norman is not up to date, this was once my work laptop, but is currently retired into domestic use and the license is no longer active.
I'm currently using CA etrust which is up to date.
Regards
Jan
I see. We will then remove remnants of Norman a bit later and flush security center.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
JF Pedersen
2008-10-04, 08:47
Ok, it took while to perform the scan, but it sure did find something :sad:
Regards
Jan-Frode
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jan Frode Pedersen at 2008-10-04 07:43:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (46%) free of 40 GB
Total RAM: 502 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:44:15, on 04.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\NORMAN\bin\zanda.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\AntSwitch.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temp\jkos-Jan Frode Pedersen\binaries\ScanningProcess.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Jan Frode Pedersen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\zanda.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 12308 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-20 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe [2002-08-27 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-24 88363]
"LtMoh"=C:\Programfiler\ltmoh\Ltmoh.exe [2003-09-06 184320]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Norman ZANDA"=C:\NORMAN\bin\ZLH.EXE [2006-05-31 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe []
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SNM"=C:\Programfiler\SpyNoMore\SNM.exe /startup []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"3CXPhone"=C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe [2008-04-15 2759680]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE
Pylon Anywhere Client.lnk - C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"="C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe"="C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe:*:Enabled:ClientShell - Client"
"C:\Programfiler\LeechFTP\Leechftp.exe"="C:\Programfiler\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Azureus\Azureus.exe"="C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"="C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe:*:Enabled:3CX VoIP Client Application"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programfiler\devolo\informer\devinf.exe"="C:\Programfiler\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programfiler\devolo\easyshare\easyshare.exe"="C:\Programfiler\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-10-03 20:35:09 ----D---- C:\_OTMoveIt
2008-10-03 17:19:40 ----D---- C:\rsit
2008-10-03 16:33:26 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Malwarebytes
2008-10-03 16:33:22 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-03 16:33:22 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-02 19:38:55 ----D---- C:\Programfiler\Trend Micro
2008-10-02 17:59:31 ----A---- C:\WINDOWS\SoundCon.INI
2008-10-02 17:59:31 ----A---- C:\WINDOWS\fwupgrade.ini
2008-10-02 17:59:31 ----A---- C:\WINDOWS\Disktool.INI
2008-10-01 21:10:03 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-10-01 19:41:44 ----D---- C:\Programfiler\SAV
2008-09-25 21:27:01 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-25 18:18:42 ----D---- C:\Programfiler\Apple Software Update
2008-09-25 18:16:36 ----D---- C:\Programfiler\iPod
2008-09-25 18:16:19 ----D---- C:\Programfiler\iTunes
2008-09-25 18:16:19 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 18:13:10 ----D---- C:\Programfiler\QuickTime
2008-09-25 18:05:49 ----D---- C:\Programfiler\Bonjour
2008-09-25 18:05:46 ----SHD---- C:\Config.Msi
2008-09-20 16:55:20 ----D---- C:\arkiv
2008-09-20 16:43:40 ----D---- C:\Programfiler\Free RAR Extract Frog
2008-09-11 16:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 1 months======
2008-10-04 07:36:43 ----D---- C:\Temp
2008-10-03 21:09:30 ----D---- C:\WINDOWS\Prefetch
2008-10-03 20:35:09 ----RD---- C:\Programfiler
2008-10-03 18:35:29 ----D---- C:\WINDOWS\Temp
2008-10-03 18:23:58 ----D---- C:\Programfiler\3CX VoIP Client
2008-10-03 18:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 17:17:59 ----D---- C:\WINDOWS\system32
2008-10-03 16:33:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-03 07:18:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 22:13:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 19:32:30 ----D---- C:\WINDOWS
2008-10-02 18:51:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 18:50:44 ----D---- C:\Programfiler\IDAutomation.com Code 39 Font Advantage Package DEMO
2008-10-02 18:50:02 ----D---- C:\WINDOWS\system32\MAGIX
2008-10-02 18:49:23 ----HD---- C:\WINDOWS\inf
2008-10-02 18:47:59 ----D---- C:\MAGIX
2008-10-02 18:08:25 ----D---- C:\Programfiler\Mozilla Firefox
2008-10-02 16:15:35 ----A---- C:\WINDOWS\imsins.BAK
2008-10-01 23:02:38 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-01 22:19:41 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-10-01 20:56:24 ----D---- C:\WINDOWS\Minidump
2008-10-01 19:44:50 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Azureus
2008-10-01 17:01:11 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Skype
2008-09-28 14:37:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-25 18:18:48 ----SHD---- C:\WINDOWS\Installer
2008-09-25 18:18:44 ----SD---- C:\WINDOWS\Tasks
2008-09-25 18:17:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 18:13:31 ----D---- C:\Programfiler\Fellesfiler\Apple
2008-09-17 17:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 16:53:34 ----D---- C:\WINDOWS\Help
2008-09-11 16:37:33 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6-protokolldriver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 BtnHnd;BtnHnd; \??\C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-16 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-16 55936]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-24 1197740]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-11-21 113152]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-04-02 30235]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-16 5888]
R3 SMCIRDA;SMC IrCC-miniportenhetsdriver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-06 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-03-02 210992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 tunmp;Microsoft Tun Miniport-kortdriver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-23 28160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-04-02 147864]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Driver for Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;NSC infrarød enhetsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter; C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys [2002-08-29 72832]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 3CXVoIPClientTunnel;3CX VoIP Client Tunnel; C:\Programfiler\3CX VoIP Client\3CXTunnel.exe [2008-04-14 970752]
R2 6to4;IPv6-hjelpetjeneste; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Programfiler\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Programfiler\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LogWatch;Event Log Watch; C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 Norman ZANDA;Norman ZANDA; C:\NORMAN\bin\zanda.exe [2005-09-06 176128]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CA_LIC_CLNT;CA License Client; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NipSvc;Norman API-hooking helper; C:\NORMAN\Nvc\BIN\nipsvc.exe []
S3 Norman NJeeves;Norman NJeeves; C:\NORMAN\bin\NJEEVES.EXE [2005-01-12 143360]
S3 UPnPService;UPnPService; C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-04 07:44:18
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3CX VoIP Client-->MsiExec.exe /I{39DF0B7C-6BAE-47CE-9513-78E75843D6C1}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin 11Mbps Wireless Notebook Network Adapter-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programfiler\CA\eTrust Antivirus\InoSetup.dll"
devolo dLAN Configuration Wizard-->C:\Programfiler\devolo\setup.exe /remove:dlanconf
devolo EasyClean-->C:\Programfiler\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Programfiler\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Programfiler\devolo\setup.exe /remove:dslmon
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free RAR Extract Frog 1.00-->C:\Programfiler\Free RAR Extract Frog\uninstall.exe
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
Fujitsu Siemens Computers Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin City Navigator North America NT 2008 Update-->MsiExec.exe /X{96AF271A-43B5-4615-8D00-26B45EE58FC8}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD-->"C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lifebook Application Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{44065383-B953-11D6-B1DF-00000E5F1C10}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (Norwegian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1044)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671044\M9283671044Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Programfiler\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programfiler\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.1)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programfiler\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Pylon Anywhere PC Software-->MsiExec.exe /X{BCDDB9D5-8818-420A-B276-5A140639019E}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson MMS Home Studio-->MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Spybot - Search & Destroy 1.3-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri-->MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail-->MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer-->MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norman Virus Control ver. 5.80 (outdated)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 4, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 03, 2008 18:42:54
Records in database: 1286682
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 69557
Threat name: 7
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 02:27:10
File name / Threat name / Threats count
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temp\5491.exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.au 1
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\1F9W3WNP\index[1].js Infected: Trojan-Downloader.JS.Agent.cln 1
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\D0C66E23\downloadmanager.207[1].exe Infected: Trojan-Downloader.Win32.CodecPack.ay 1
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\VWGWTFMO\5491[1].exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.au 1
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\MS Office Publisher 2007 [+key].iso Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
D:\InoStor\Mail mm\archive.pst Infected: Email-Worm.Win32.Swen 1
D:\TAD\Mail arkiv\2004 received.pst Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
The selected area was scanned.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temp\5491.exe
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\1F9W3WNP\index[1].js
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\D0C66E23\downloadmanager.207[1].exe
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\VWGWTFMO\5491[1].exe
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads
EmptyTemp
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
JF Pedersen
2008-10-05, 16:33
Hi.
Here is the log:
Regards
Jan
C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temp\5491.exe moved successfully.
< C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\1F9W3WNP\index[1].js >
File/Folder C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\1F9W3WNP\index[1].js not found.
< C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\D0C66E23\downloadmanager.207[1].exe >
File/Folder C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\D0C66E23\downloadmanager.207[1].exe not found.
< C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\VWGWTFMO\5491[1].exe >
File/Folder C:\Documents and Settings\Jan Frode Pedersen\Lokale innstillinger\Temporary Internet Files\Content.IE5\VWGWTFMO\5491[1].exe not found.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Varg.Veum.Kvinnen.I.Kjoeleskapet.SWESUB.DVDRip.Xvid-monica112 moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\mink deville rockpalast 17-10-1981 video moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Microsoft word 2007 Full Activate Lisense moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Guide\mink deville rockpalast 17-10-1981 video moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Guide moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\USB_Drivers\I386 moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\USB_Drivers\Amd64 moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\USB_Drivers moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\unlocker moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\instal dir moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008 moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10052008_153112
It appears that Garmin City Navigator North America NT 2008 Update is not legit.
So please uninstall it.
Delete info.txt from RSIT folder.
Re-run RSIT and post back fresh logs, please.
JF Pedersen
2008-10-05, 22:06
Hi
I have legit Garmin maps, this is for backup so I believe I can keep this.
Cheers
Jan
info.txt logfile of random's system information tool 1.04 2008-10-05 21:00:51
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3CX VoIP Client-->MsiExec.exe /I{39DF0B7C-6BAE-47CE-9513-78E75843D6C1}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin 11Mbps Wireless Notebook Network Adapter-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programfiler\CA\eTrust Antivirus\InoSetup.dll"
devolo dLAN Configuration Wizard-->C:\Programfiler\devolo\setup.exe /remove:dlanconf
devolo EasyClean-->C:\Programfiler\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Programfiler\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Programfiler\devolo\setup.exe /remove:dslmon
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free RAR Extract Frog 1.00-->C:\Programfiler\Free RAR Extract Frog\uninstall.exe
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
Fujitsu Siemens Computers Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin City Navigator North America NT 2008 Update-->MsiExec.exe /X{96AF271A-43B5-4615-8D00-26B45EE58FC8}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD-->"C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lifebook Application Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{44065383-B953-11D6-B1DF-00000E5F1C10}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (Norwegian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1044)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671044\M9283671044Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Programfiler\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programfiler\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.1)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programfiler\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Pylon Anywhere PC Software-->MsiExec.exe /X{BCDDB9D5-8818-420A-B276-5A140639019E}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson MMS Home Studio-->MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Spybot - Search & Destroy 1.3-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri-->MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail-->MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer-->MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norman Virus Control ver. 5.80 (outdated)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jan Frode Pedersen at 2008-10-05 21:00:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (46%) free of 40 GB
Total RAM: 502 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:46, on 05.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\NORMAN\bin\zanda.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\AntSwitch.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Jan Frode Pedersen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-2247627943-757939136-1269127235-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ingrid')
O4 - HKUS\S-1-5-21-2247627943-757939136-1269127235-1005\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Ingrid')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\zanda.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 12516 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-20 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe [2002-08-27 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-24 88363]
"LtMoh"=C:\Programfiler\ltmoh\Ltmoh.exe [2003-09-06 184320]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Norman ZANDA"=C:\NORMAN\bin\ZLH.EXE [2006-05-31 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe []
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SNM"=C:\Programfiler\SpyNoMore\SNM.exe /startup []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"3CXPhone"=C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe [2008-04-15 2759680]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE
Pylon Anywhere Client.lnk - C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"="C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe"="C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe:*:Enabled:ClientShell - Client"
"C:\Programfiler\LeechFTP\Leechftp.exe"="C:\Programfiler\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Azureus\Azureus.exe"="C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"="C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe:*:Enabled:3CX VoIP Client Application"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programfiler\devolo\informer\devinf.exe"="C:\Programfiler\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programfiler\devolo\easyshare\easyshare.exe"="C:\Programfiler\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-10-03 20:35:09 ----D---- C:\_OTMoveIt
2008-10-03 17:19:40 ----D---- C:\rsit
2008-10-03 16:33:26 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Malwarebytes
2008-10-03 16:33:22 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-03 16:33:22 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-02 19:38:55 ----D---- C:\Programfiler\Trend Micro
2008-10-02 17:59:31 ----A---- C:\WINDOWS\SoundCon.INI
2008-10-02 17:59:31 ----A---- C:\WINDOWS\fwupgrade.ini
2008-10-02 17:59:31 ----A---- C:\WINDOWS\Disktool.INI
2008-10-01 21:10:03 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-10-01 19:41:44 ----D---- C:\Programfiler\SAV
2008-09-25 21:27:01 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-25 18:18:42 ----D---- C:\Programfiler\Apple Software Update
2008-09-25 18:16:36 ----D---- C:\Programfiler\iPod
2008-09-25 18:16:19 ----D---- C:\Programfiler\iTunes
2008-09-25 18:16:19 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 18:13:10 ----D---- C:\Programfiler\QuickTime
2008-09-25 18:05:49 ----D---- C:\Programfiler\Bonjour
2008-09-25 18:05:46 ----SHD---- C:\Config.Msi
2008-09-20 16:55:20 ----D---- C:\arkiv
2008-09-20 16:43:40 ----D---- C:\Programfiler\Free RAR Extract Frog
2008-09-11 16:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 1 months======
2008-10-05 20:57:16 ----D---- C:\WINDOWS\Prefetch
2008-10-05 18:30:51 ----D---- C:\WINDOWS\Temp
2008-10-04 07:36:43 ----D---- C:\Temp
2008-10-03 20:35:09 ----RD---- C:\Programfiler
2008-10-03 18:23:58 ----D---- C:\Programfiler\3CX VoIP Client
2008-10-03 18:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 17:17:59 ----D---- C:\WINDOWS\system32
2008-10-03 16:33:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-03 07:18:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 22:13:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 19:32:30 ----D---- C:\WINDOWS
2008-10-02 18:51:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 18:50:44 ----D---- C:\Programfiler\IDAutomation.com Code 39 Font Advantage Package DEMO
2008-10-02 18:50:02 ----D---- C:\WINDOWS\system32\MAGIX
2008-10-02 18:49:23 ----HD---- C:\WINDOWS\inf
2008-10-02 18:47:59 ----D---- C:\MAGIX
2008-10-02 18:08:25 ----D---- C:\Programfiler\Mozilla Firefox
2008-10-02 16:15:35 ----A---- C:\WINDOWS\imsins.BAK
2008-10-01 23:02:38 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-01 22:19:41 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-10-01 20:56:24 ----D---- C:\WINDOWS\Minidump
2008-10-01 19:44:50 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Azureus
2008-10-01 17:01:11 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Skype
2008-09-28 14:37:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-25 18:18:48 ----SHD---- C:\WINDOWS\Installer
2008-09-25 18:18:44 ----SD---- C:\WINDOWS\Tasks
2008-09-25 18:17:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 18:13:31 ----D---- C:\Programfiler\Fellesfiler\Apple
2008-09-17 17:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 16:53:34 ----D---- C:\WINDOWS\Help
2008-09-11 16:37:33 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6-protokolldriver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 BtnHnd;BtnHnd; \??\C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-16 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-16 55936]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-24 1197740]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-11-21 113152]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-04-02 30235]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-16 5888]
R3 SMCIRDA;SMC IrCC-miniportenhetsdriver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-06 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-03-02 210992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 tunmp;Microsoft Tun Miniport-kortdriver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-23 28160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-04-02 147864]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Driver for Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;NSC infrarød enhetsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter; C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys [2002-08-29 72832]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 3CXVoIPClientTunnel;3CX VoIP Client Tunnel; C:\Programfiler\3CX VoIP Client\3CXTunnel.exe [2008-04-14 970752]
R2 6to4;IPv6-hjelpetjeneste; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Programfiler\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Programfiler\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LogWatch;Event Log Watch; C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 Norman ZANDA;Norman ZANDA; C:\NORMAN\bin\zanda.exe [2005-09-06 176128]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CA_LIC_CLNT;CA License Client; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NipSvc;Norman API-hooking helper; C:\NORMAN\Nvc\BIN\nipsvc.exe []
S3 Norman NJeeves;Norman NJeeves; C:\NORMAN\bin\NJEEVES.EXE [2005-01-12 143360]
S3 UPnPService;UPnPService; C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
If it is legit, how would you explain these?
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\USB_Drivers\I386 moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\USB_Drivers\Amd64 moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\USB_Drivers moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\unlocker moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008\instal dir moved successfully.
C:\Documents and Settings\Jan Frode Pedersen\Mine dokumenter\Azureus Downloads\Garmin-City Navigator North America NT 2008 moved successfully.
Especially unlocker (=crack) one and location in Azureus Downloads folder.
JF Pedersen
2008-10-05, 22:23
I didn't say that the copy on this machine was legit, but that I have a legit copy on a GPS device and downloaded this a backup.
JF Pedersen
2008-10-05, 23:10
To avoid any discussion on the topic I removed the maps installed from a downloaded copy, please see updated logs.
Good nigh!
Jan-Frode
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jan Frode Pedersen at 2008-10-05 22:08:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (46%) free of 40 GB
Total RAM: 502 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:53, on 05.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\NORMAN\bin\zanda.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\AntSwitch.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Jan Frode Pedersen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-2247627943-757939136-1269127235-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ingrid')
O4 - HKUS\S-1-5-21-2247627943-757939136-1269127235-1005\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Ingrid')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\zanda.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 12551 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-20 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe [2002-08-27 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-24 88363]
"LtMoh"=C:\Programfiler\ltmoh\Ltmoh.exe [2003-09-06 184320]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Norman ZANDA"=C:\NORMAN\bin\ZLH.EXE [2006-05-31 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe []
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SNM"=C:\Programfiler\SpyNoMore\SNM.exe /startup []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"3CXPhone"=C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe [2008-04-15 2759680]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE
Pylon Anywhere Client.lnk - C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"="C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe"="C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe:*:Enabled:ClientShell - Client"
"C:\Programfiler\LeechFTP\Leechftp.exe"="C:\Programfiler\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Azureus\Azureus.exe"="C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"="C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe:*:Enabled:3CX VoIP Client Application"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programfiler\devolo\informer\devinf.exe"="C:\Programfiler\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programfiler\devolo\easyshare\easyshare.exe"="C:\Programfiler\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df7b02c3-e45a-11d8-9a54-806d6172696f}]
shell\AutoRun\command - E:\Setup.exe
======List of files/folders created in the last 1 months======
2008-10-03 20:35:09 ----D---- C:\_OTMoveIt
2008-10-03 17:19:40 ----D---- C:\rsit
2008-10-03 16:33:26 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Malwarebytes
2008-10-03 16:33:22 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-03 16:33:22 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-02 19:38:55 ----D---- C:\Programfiler\Trend Micro
2008-10-02 17:59:31 ----A---- C:\WINDOWS\SoundCon.INI
2008-10-02 17:59:31 ----A---- C:\WINDOWS\fwupgrade.ini
2008-10-02 17:59:31 ----A---- C:\WINDOWS\Disktool.INI
2008-10-01 21:10:03 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-10-01 19:41:44 ----D---- C:\Programfiler\SAV
2008-09-25 21:27:01 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-25 18:18:42 ----D---- C:\Programfiler\Apple Software Update
2008-09-25 18:16:36 ----D---- C:\Programfiler\iPod
2008-09-25 18:16:19 ----D---- C:\Programfiler\iTunes
2008-09-25 18:16:19 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 18:13:10 ----D---- C:\Programfiler\QuickTime
2008-09-25 18:05:49 ----D---- C:\Programfiler\Bonjour
2008-09-20 16:55:20 ----D---- C:\arkiv
2008-09-20 16:43:40 ----D---- C:\Programfiler\Free RAR Extract Frog
2008-09-11 16:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 1 months======
2008-10-05 22:04:14 ----D---- C:\Garmin
2008-10-05 22:04:13 ----SHD---- C:\WINDOWS\Installer
2008-10-05 21:36:35 ----D---- C:\WINDOWS\Prefetch
2008-10-05 20:57:20 ----D---- C:\WINDOWS\Temp
2008-10-04 07:36:43 ----D---- C:\Temp
2008-10-03 20:35:09 ----RD---- C:\Programfiler
2008-10-03 18:23:58 ----D---- C:\Programfiler\3CX VoIP Client
2008-10-03 18:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 17:17:59 ----D---- C:\WINDOWS\system32
2008-10-03 16:33:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-03 07:18:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 22:13:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 19:32:30 ----D---- C:\WINDOWS
2008-10-02 18:51:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 18:50:44 ----D---- C:\Programfiler\IDAutomation.com Code 39 Font Advantage Package DEMO
2008-10-02 18:50:02 ----D---- C:\WINDOWS\system32\MAGIX
2008-10-02 18:49:23 ----HD---- C:\WINDOWS\inf
2008-10-02 18:47:59 ----D---- C:\MAGIX
2008-10-02 18:08:25 ----D---- C:\Programfiler\Mozilla Firefox
2008-10-02 16:15:35 ----A---- C:\WINDOWS\imsins.BAK
2008-10-01 23:02:38 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-01 22:19:41 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-10-01 20:56:24 ----D---- C:\WINDOWS\Minidump
2008-10-01 19:44:50 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Azureus
2008-10-01 17:01:11 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Skype
2008-09-28 14:37:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-25 18:18:44 ----SD---- C:\WINDOWS\Tasks
2008-09-25 18:17:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 18:13:31 ----D---- C:\Programfiler\Fellesfiler\Apple
2008-09-17 17:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 16:53:34 ----D---- C:\WINDOWS\Help
2008-09-11 16:37:33 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6-protokolldriver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 BtnHnd;BtnHnd; \??\C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-16 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-16 55936]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-24 1197740]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-11-21 113152]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-04-02 30235]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-16 5888]
R3 SMCIRDA;SMC IrCC-miniportenhetsdriver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-06 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-03-02 210992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 tunmp;Microsoft Tun Miniport-kortdriver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-23 28160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-04-02 147864]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Driver for Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;NSC infrarød enhetsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter; C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys [2002-08-29 72832]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 3CXVoIPClientTunnel;3CX VoIP Client Tunnel; C:\Programfiler\3CX VoIP Client\3CXTunnel.exe [2008-04-14 970752]
R2 6to4;IPv6-hjelpetjeneste; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Programfiler\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Programfiler\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LogWatch;Event Log Watch; C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 Norman ZANDA;Norman ZANDA; C:\NORMAN\bin\zanda.exe [2005-09-06 176128]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CA_LIC_CLNT;CA License Client; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NipSvc;Norman API-hooking helper; C:\NORMAN\Nvc\BIN\nipsvc.exe []
S3 Norman NJeeves;Norman NJeeves; C:\NORMAN\bin\NJEEVES.EXE [2005-01-12 143360]
S3 UPnPService;UPnPService; C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-05 22:08:55
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3CX VoIP Client-->MsiExec.exe /I{39DF0B7C-6BAE-47CE-9513-78E75843D6C1}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin 11Mbps Wireless Notebook Network Adapter-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programfiler\CA\eTrust Antivirus\InoSetup.dll"
devolo dLAN Configuration Wizard-->C:\Programfiler\devolo\setup.exe /remove:dlanconf
devolo EasyClean-->C:\Programfiler\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Programfiler\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Programfiler\devolo\setup.exe /remove:dslmon
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free RAR Extract Frog 1.00-->C:\Programfiler\Free RAR Extract Frog\uninstall.exe
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
Fujitsu Siemens Computers Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD-->"C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lifebook Application Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{44065383-B953-11D6-B1DF-00000E5F1C10}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (Norwegian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1044)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671044\M9283671044Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Programfiler\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programfiler\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.1)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programfiler\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Pylon Anywhere PC Software-->MsiExec.exe /X{BCDDB9D5-8818-420A-B276-5A140639019E}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson MMS Home Studio-->MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Spybot - Search & Destroy 1.3-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri-->MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail-->MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer-->MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norman Virus Control ver. 5.80 (outdated)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
Thank you :)
Now let's remove Norman remnants.
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open HijackThis, click do a system scan only and checkmark this:
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
Close all windows including browser and press fix checked.
Reboot.
Copy text below to Notepad and save it as remnorman.bat (save it as all files, *.*)
@ECHO OFF
sc stop NipSvc
sc delete NipSvc
sc stop "Norman NJeeves"
sc delete "Norman NJeeves"
sc stop "Norman ZANDA"
sc delete "Norman ZANDA"
del C:\NORMAN /s /q
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG
Doubleclick remnorman.bat; black dos windows will flash, that's normal.
Reboot.
Post back a fresh HijackThis log, please.
JF Pedersen
2008-10-08, 09:46
Hi
I just wanted to let you know that I'm on the road and unable to finalize the process until I'm back. It will at the latest be on Friday.
Regards
Jan-Frode
Thank you for information :)
JF Pedersen
2008-10-08, 18:21
Hi, and many thanks for your time and patience!!!
Here are the new logs:
Regards
Jan
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jan Frode Pedersen at 2008-10-08 17:19:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (46%) free of 40 GB
Total RAM: 502 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:37, on 08.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe
C:\WINDOWS\AntSwitch.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jan Frode Pedersen\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Jan Frode Pedersen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.112:8020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [3CXPhone] "C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pylon Anywhere Client.lnk = C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JANFRO~1\LOKALE~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://nw-fp-001.asplogon.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://nw-fp-001.asplogon.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - http://10.2.8.241/en/SyncInstall.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://146.59.90.200/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://nw-fp-001.asplogon.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O23 - Service: 3CX VoIP Client Tunnel (3CXVoIPClientTunnel) - 3CX Software Ltd. - C:\Programfiler\3CX VoIP Client\3CXTunnel.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: UPnPService - Unknown owner - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 11687 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-20 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programfiler\google\googletoolbar2.dll [2007-11-23 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe [2002-08-27 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-24 88363]
"LtMoh"=C:\Programfiler\ltmoh\Ltmoh.exe [2003-09-06 184320]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe []
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SNM"=C:\Programfiler\SpyNoMore\SNM.exe /startup []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"3CXPhone"=C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe [2008-04-15 2759680]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE
Pylon Anywhere Client.lnk - C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"="C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe"="C:\Programfiler\Sybase\Pylon Anywhere\Clients\ClientShell.exe:*:Enabled:ClientShell - Client"
"C:\Programfiler\LeechFTP\Leechftp.exe"="C:\Programfiler\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Azureus\Azureus.exe"="C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe"="C:\Programfiler\3CX VoIP Client\3CXVoIPClient.exe:*:Enabled:3CX VoIP Client Application"
"C:\Programfiler\Internet Explorer\iexplore.exe"="C:\Programfiler\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Programfiler\devolo\informer\devinf.exe"="C:\Programfiler\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programfiler\devolo\easyshare\easyshare.exe"="C:\Programfiler\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-10-03 20:35:09 ----D---- C:\_OTMoveIt
2008-10-03 17:19:40 ----D---- C:\rsit
2008-10-03 16:33:26 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Malwarebytes
2008-10-03 16:33:22 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-03 16:33:22 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-02 19:38:55 ----D---- C:\Programfiler\Trend Micro
2008-10-02 17:59:31 ----A---- C:\WINDOWS\SoundCon.INI
2008-10-02 17:59:31 ----A---- C:\WINDOWS\fwupgrade.ini
2008-10-02 17:59:31 ----A---- C:\WINDOWS\Disktool.INI
2008-10-01 21:10:03 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-10-01 19:41:44 ----D---- C:\Programfiler\SAV
2008-09-25 21:27:01 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-25 18:18:42 ----D---- C:\Programfiler\Apple Software Update
2008-09-25 18:16:36 ----D---- C:\Programfiler\iPod
2008-09-25 18:16:19 ----D---- C:\Programfiler\iTunes
2008-09-25 18:16:19 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 18:13:10 ----D---- C:\Programfiler\QuickTime
2008-09-25 18:05:49 ----D---- C:\Programfiler\Bonjour
2008-09-20 16:55:20 ----D---- C:\arkiv
2008-09-20 16:43:40 ----D---- C:\Programfiler\Free RAR Extract Frog
2008-09-11 16:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 1 months======
2008-10-08 17:19:35 ----D---- C:\WINDOWS\Prefetch
2008-10-08 17:16:57 ----D---- C:\WINDOWS\Temp
2008-10-08 17:16:32 ----D---- C:\Programfiler\3CX VoIP Client
2008-10-08 17:15:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-06 18:13:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-05 22:04:19 ----SHD---- C:\WINDOWS\Installer
2008-10-05 22:04:14 ----D---- C:\Garmin
2008-10-04 07:36:43 ----D---- C:\Temp
2008-10-03 20:35:09 ----RD---- C:\Programfiler
2008-10-03 18:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 17:17:59 ----D---- C:\WINDOWS\system32
2008-10-03 16:33:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-02 19:32:30 ----D---- C:\WINDOWS
2008-10-02 18:51:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 18:50:44 ----D---- C:\Programfiler\IDAutomation.com Code 39 Font Advantage Package DEMO
2008-10-02 18:50:02 ----D---- C:\WINDOWS\system32\MAGIX
2008-10-02 18:49:23 ----HD---- C:\WINDOWS\inf
2008-10-02 18:47:59 ----D---- C:\MAGIX
2008-10-02 18:08:25 ----D---- C:\Programfiler\Mozilla Firefox
2008-10-02 16:15:35 ----A---- C:\WINDOWS\imsins.BAK
2008-10-01 23:02:38 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-01 22:19:41 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-10-01 20:56:24 ----D---- C:\WINDOWS\Minidump
2008-10-01 19:44:50 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Azureus
2008-10-01 17:01:11 ----D---- C:\Documents and Settings\Jan Frode Pedersen\Programdata\Skype
2008-09-28 14:37:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-25 18:18:44 ----SD---- C:\WINDOWS\Tasks
2008-09-25 18:17:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 18:13:31 ----D---- C:\Programfiler\Fellesfiler\Apple
2008-09-17 17:28:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 16:53:34 ----D---- C:\WINDOWS\Help
2008-09-11 16:37:33 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Microsoft IPv6-protokolldriver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 BtnHnd;BtnHnd; \??\C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-16 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-16 55936]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-24 1197740]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-11-21 113152]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-04-02 30235]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-16 5888]
R3 SMCIRDA;SMC IrCC-miniportenhetsdriver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-06 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-03-02 210992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 tunmp;Microsoft Tun Miniport-kortdriver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-23 28160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-04-02 147864]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Driver for Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;NSC infrarød enhetsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter; C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys [2002-08-29 72832]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 3CXVoIPClientTunnel;3CX VoIP Client Tunnel; C:\Programfiler\3CX VoIP Client\3CXTunnel.exe [2008-04-14 970752]
R2 6to4;IPv6-hjelpetjeneste; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Programfiler\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Programfiler\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LogWatch;Event Log Watch; C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CA_LIC_CLNT;CA License Client; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 UPnPService;UPnPService; C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-08 17:19:42
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3CX VoIP Client-->MsiExec.exe /I{39DF0B7C-6BAE-47CE-9513-78E75843D6C1}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin 11Mbps Wireless Notebook Network Adapter-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\CA\eTrust Antivirus\Uninst.isu" -c"C:\Programfiler\CA\eTrust Antivirus\InoSetup.dll"
devolo dLAN Configuration Wizard-->C:\Programfiler\devolo\setup.exe /remove:dlanconf
devolo EasyClean-->C:\Programfiler\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Programfiler\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Programfiler\devolo\setup.exe /remove:dslmon
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free RAR Extract Frog 1.00-->C:\Programfiler\Free RAR Extract Frog\uninstall.exe
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
Fujitsu Siemens Computers Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD-->"C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lifebook Application Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{44065383-B953-11D6-B1DF-00000E5F1C10}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (Norwegian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1044)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671044\M9283671044Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Programfiler\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programfiler\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.1)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programfiler\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Pylon Anywhere PC Software-->MsiExec.exe /X{BCDDB9D5-8818-420A-B276-5A140639019E}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson MMS Home Studio-->MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Spybot - Search & Destroy 1.3-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri-->MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail-->MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer-->MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norman Virus Control ver. 5.80 (outdated)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
That looks good :)
Still problems?
JF Pedersen
2008-10-08, 19:05
No problems anymore at all!:D:
I really appreciate your help, thanks for sorting out my problems. It's great to have you guys helping us mortals against the evil forces! :bigthumb:
Best Regards
Jan
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You can fix these, they are leftovers:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp).
Next we remove all used tools.
You can delete rsit, remnorman.bat and c:\rsit folder
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.