
Thread: itunes in task manager, nowhere else. parite-something removed recently using s&d

  1. #11
    peku006 (Emeritus- Security Expert)
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi berliner

    this looks like a small "typo"

    it's manager32.exe ... not "anager32.exe"

    FileLook.exe v2.0 by jpshortstuff
    Log created at 16:09 on 16/03/2009
    ==================================
    FileLook - "anager32.exe"

    Unable to find file.

    ==============================

    =EOF=
    Please do it again

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  2. #12
    Junior Member
    Join Date
    Mar 2009
    Posts
    11


    Hi.

    "anager32.exe" is what it answers when I ask for "manager32.exe".

    When I ask for "mmanager32.exe" it answers "manager32.exe".

    ...


    Quote: Originally Posted by peku006
    Hi berliner

    this looks like a small "typo"

    it's manager32.exe ... not "anager32.exe"



    Please do it again

    Thanks peku006

  3. #13
    peku006 (Emeritus- Security Expert)
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi berliner
    hmm... not found... well, I'll be ...!

    Let us take a deeper look.

    Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

    1. Double click on OTScanIt2.exe to run it.
    2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
    3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
    4. Under Rootkit Search, select Yes.
    5. Click on Run Scan at the top left hand corner.
    6. When done, Notepad will open. Please post this log in your next reply.


    Thanks peku006

  4. #14
    Junior Member
    Join Date
    Mar 2009
    Posts
    11


    Code:
    OTScanIt2 logfile created on: 16.03.2009 20:20:53 - Run 1
    OTScanIt2 by OldTimer - Version 1.0.8.0     Folder = C:\Documents and Settings\Kødde\OTScanIt2
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
     
    1023,47 Mb Total Physical Memory | 412,64 Mb Available Physical Memory | 40,32% Memory free
    1,65 Gb Paging File | 1,20 Gb Available in Paging File | 72,58% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
    Drive C: | 29,29 Gb Total Space | 12,81 Gb Free Space | 43,74% Space Free | Partition Type: NTFS
    Drive D: | 48,83 Gb Total Space | 48,64 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
    Drive E: | 108,18 Gb Total Space | 77,30 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 149,00 Gb Total Space | 1,23 Gb Free Space | 0,83% Space Free | Partition Type: FAT32
    Drive H: | 17,58 Gb Total Space | 0,64 Gb Free Space | 3,62% Space Free | Partition Type: NTFS
    Drive I: | 10,36 Gb Total Space | 5,67 Gb Free Space | 54,69% Space Free | Partition Type: NTFS
     
    Computer Name: CHRISTIAN
    Current User Name: Kødde
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = 30 Days
     
    [Processes - Safe List]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008.11.07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> [2007.10.23 18:04:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> [2009.02.25 11:00:50 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.)
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> [2007.12.20 18:51:53 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> [2007.09.26 15:02:53 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
    dkservice.exe -> E:\Programmer\Diskeeper\DkService.exe -> [2005.11.23 06:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation)
    explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008.04.14 17:22:49 | 01,033,728 | ---- | M] (Microsoft Corporation)
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009.03.09 18:02:36 | 00,307,704 | ---- | M] (Mozilla Corporation)
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009.01.06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
    itunes.exe -> %ProgramFiles%\iTunes\iTunes.exe -> [2009.01.06 13:06:28 | 14,294,824 | ---- | M] (Apple Inc.)
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2009.01.06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
    jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009.03.11 11:21:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009.03.11 11:21:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
    nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008.05.16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
    otscanit2.exe -> %UserProfile%\OTScanIt2\OTScanIt2.exe -> [2009.02.19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
    raconfig2500.exe -> %ProgramFiles%\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -> [2005.01.20 14:14:58 | 00,536,576 | ---- | M] (Ralink Technology, Corp.)
    uaservice7.exe -> %SystemRoot%\system32\UAService7.exe -> [2005.09.02 16:24:06 | 00,126,976 | ---- | M] ()
    wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008.04.14 17:23:18 | 00,013,824 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008.11.07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004.07.15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> [2007.10.23 18:04:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> [2007.09.26 15:02:53 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> [2007.12.20 18:51:53 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
    (Bonjour Service) Bonjour-tjeneste [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
    (Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> E:\Programmer\Diskeeper\DkService.exe -> [2005.11.23 06:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation)
    (FileZilla Server) FileZilla Server FTP server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\FileZilla Server\FileZilla Server.exe -> [2009.03.03 11:19:28 | 00,691,200 | ---- | M] (FileZilla Project)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008.04.14 17:22:17 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
    (iPod Service) iPod-tjeneste [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009.01.06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009.03.11 11:21:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (NipSvc) Norman API-hooking helper [Win32_Own | On_Demand | Stopped] ->  -> File not found
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008.05.16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
    (UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UAService7.exe -> [2005.09.02 16:24:06 | 00,126,976 | ---- | M] ()
    (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006.11.15 09:46:18 | 00,914,944 | ---- | M] (Microsoft Corporation)
     
    [Driver Services - Safe List]
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.6.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2009.02.06 10:55:13 | 00,017,119 | ---- | M] (Meetinghouse Data Communications)
    (ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> [2004.02.24 04:08:52 | 00,400,384 | ---- | M] (Sensaura)
    (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2004.06.21 09:53:20 | 00,626,204 | ---- | M] (Realtek Semiconductor Corp.)
    (AmdK8) AMD Athlon64 Processor Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AmdK8.sys -> [2003.11.07 05:00:00 | 00,035,328 | R--- | M] (Advanced Micro Devices)
    (Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7core.sys -> [2007.10.23 18:04:48 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.)
    (Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsw.sys -> [2007.09.26 15:02:57 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.)
    (Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsxp.sys -> [2007.09.26 15:02:57 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.)
    (AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> [2007.12.20 18:51:53 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.)
    (AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdi.sys -> [2007.09.26 15:02:58 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.)
    (cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> %SystemRoot%\System32\drivers\CDRBSDRV.SYS -> [2004.03.08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
    (dtscsi) dtscsi [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\dtscsi.sys -> [2006.02.03 10:14:52 | 00,223,128 | ---- | M] (DT Soft Ltd.)
    (ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ENTECH.sys -> [1999.10.21 09:12:52 | 00,020,400 | ---- | M] (EnTech Taiwan)
    (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2008.04.17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
    (Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ctpdusb.sys -> [2004.09.30 00:27:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.)
    (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2008.05.16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation)
    (nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2004.06.03 09:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation)
    (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\NVENETFD.sys -> [2005.04.06 03:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation)
    (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nvnetbus.sys -> [2004.05.17 13:00:54 | 00,012,928 | ---- | M] (NVIDIA Corporation)
    (nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\nv_agp.sys -> [2003.10.29 12:02:00 | 00,021,120 | ---- | M] (NVIDIA Corporation)
    (Ptilink) Direkte parallell koblingsdriver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2001.10.09 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\PxHelp20.sys -> [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
    (QV2KUX) Casio digitalt kamera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\qv2kux.sys -> [2001.08.17 20:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation)
    (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\RootMdm.sys -> [2001.10.09 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
    (RT2500) RT2500 Wireless Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RT2500.sys -> [2004.12.15 19:12:04 | 00,218,368 | ---- | M] (Ralink Technology Inc.)
    (RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\Rtlnic51.sys -> [2003.12.31 10:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation                           )
    (RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\Rtnicxp.sys -> [2006.12.14 15:44:06 | 00,085,120 | ---- | M] (Realtek Semiconductor Corporation                           )
    (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007.11.13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfdrv01.sys -> [2005.08.10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology)
    (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfhlp02.sys -> [2005.05.16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology)
    (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfsync02.sys -> [2005.08.10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology)
    (sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfvfs02.sys -> [2005.09.29 18:01:51 | 00,066,048 | ---- | M] (Protection Technology)
    (SONYPVU1) Sony USB-filterdriver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SONYPVU1.SYS -> [2001.08.17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
    (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2006.02.02 23:57:11 | 00,642,560 | ---- | M] ()
    (StMp3Rec) Player Recovery Device Control Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\StMp3Rec.sys -> [2007.06.15 10:49:30 | 00,019,840 | R--- | M] (Generic)
    (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2008.11.07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.no/ -> 
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.no/ -> 
    HKEY_CURRENT_USER\: SearchURL\\"provider" ->  -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
    < FireFox Settings [Default Profile] > -> C:\Documents and Settings\Kødde\Programdata\Mozilla\FireFox\Profiles\aa4fg579.default\prefs.js -> 
    browser.startup.homepage -> "www.google.no" ->
    browser.startup.homepage_override.mstone -> "rv:1.9.0.7" ->
    extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4 ->
    extensions.enabledItems -> {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.7.8 ->
    extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207 ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
    extensions.enabledItems -> treestyletab@piro.sakura.ne.jp:0.7.2009021201 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
    < HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008.06.11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009.03.11 11:21:42 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009.03.11 11:21:42 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    ShellBrowser\\"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "AVG7_CC" -> \PROGRA~1\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> [2009.02.25 11:00:50 | 00,590,848 | ---- | M] ()
    "DiskeeperSystray" -> E:\Programmer\Diskeeper\DkIcon.exe ["E:\Programmer\Diskeeper\DkIcon.exe"] -> [2005.11.22 16:38:20 | 00,221,184 | ---- | M] (Diskeeper Corporation)
    "iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Programfiler\iTunes\iTunesHelper.exe"] -> [2009.01.06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
    "NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008.05.16 13:01:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
    "QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Programfiler\QuickTime\QTTask.exe" -atboottime] -> [2009.01.05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
    "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Programfiler\Java\jre6\bin\jusched.exe"] -> [2009.03.11 11:21:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart -> 
    %AllUsersProfile%\Start-meny\Programmer\Oppstart\Ralink Wireless Utility.lnk -> %ProgramFiles%\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -> [2005.01.20 14:14:58 | 00,536,576 | ---- | M] (Ralink Technology, Corp.)
    < Kødde Startup Folder > -> C:\Documents and Settings\Kødde\Start-meny\Programmer\Oppstart -> 
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    \\"NoRecentDocsNetHood" ->  [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2004.12.06 16:47:08 | 09,166,848 | R--- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
    CmdMapping\\"{461CC20B-FB6E-4f16-8FE8-C29359DB100E}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX-galleri -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5442 domain(s) found. -> 
    49 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5443 domain(s) found. -> 
      .[msn] -> Min datamaskin -> 
    www.msi_com.tw [http] -> Klarerte områder -> 
    49 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] -> 
    {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
    {33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab [Reg Error: Key error.] -> 
    {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [HKLM] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab [Reg Error: Key error.] -> 
    {8167C273-DF59-4416-B647-C8BB2C7EE83E} [HKLM] -> http://liveupdate.msi.com.tw/autobios/LOnline/install.cab [Reg Error: Key error.] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
    {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Reg Error: Key error.] -> 
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {401FBD90-72DD-4087-9B0D-ED9765AEEF6D} ->    () -> 
    {66426032-6511-4B65-8BDE-C3424896BAE2} ->    (802.11g Wireless LAN PCI) -> 
    {78A7D52B-06FA-4ADF-BC08-0957AF963A72} ->    (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
    {A2075401-1236-474A-B26F-EC4BB6D9A1DC} ->    (1394-nettverkskort) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008.04.14 17:22:49 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008.04.14 17:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008.04.14 17:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation)
    "C:\Programfiler\BitComet\BitComet.exe" -> C:\Programfiler\BitComet\BitComet.exe [C:\Programfiler\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> File not found
    "C:\Programfiler\Bonjour\mDNSResponder.exe" -> C:\Programfiler\Bonjour\mDNSResponder.exe [C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
    "C:\Programfiler\Google\Google Talk\googletalk.exe" -> C:\Programfiler\Google\Google Talk\googletalk.exe [C:\Programfiler\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
    "C:\Programfiler\Grisoft\AVG7\avgamsvr.exe" -> C:\Programfiler\Grisoft\AVG7\avgamsvr.exe [C:\Programfiler\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2007.10.23 18:04:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
    "C:\Programfiler\Grisoft\AVG7\avgcc.exe" -> C:\Programfiler\Grisoft\AVG7\avgcc.exe [C:\Programfiler\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> [2009.02.25 11:00:50 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.)
    "C:\Programfiler\Grisoft\AVG7\avgemc.exe" -> C:\Programfiler\Grisoft\AVG7\avgemc.exe [C:\Programfiler\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> [2007.12.20 18:51:53 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
    "C:\Programfiler\Grisoft\AVG7\avginet.exe" -> C:\Programfiler\Grisoft\AVG7\avginet.exe [C:\Programfiler\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> [2008.10.16 16:35:54 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.)
    "C:\Programfiler\iTunes\iTunes.exe" -> C:\Programfiler\iTunes\iTunes.exe [C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009.01.06 13:06:28 | 14,294,824 | ---- | M] (Apple Inc.)
    "C:\Programfiler\Kazaa\kazaa.exe" -> C:\Programfiler\Kazaa\kazaa.exe [C:\Programfiler\Kazaa\kazaa.exe:*:Disabled:Kazaa] -> File not found
    "C:\Programfiler\LimeWire\LimeWire.exe" -> C:\Programfiler\LimeWire\LimeWire.exe [C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
    "C:\Programfiler\MSI\i-Speeder\i-Speeder.exe" -> C:\Programfiler\MSI\i-Speeder\i-Speeder.exe [C:\Programfiler\MSI\i-Speeder\i-Speeder.exe:*:Enabled:i-Speeder] -> File not found
    "C:\Programfiler\Skype\Phone\Skype.exe" -> C:\Programfiler\Skype\Phone\Skype.exe [C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009.02.04 12:27:34 | 23,975,720 | R--- | M] (Skype Technologies S.A.)
    "C:\Programfiler\Spotify\spotify.exe" -> C:\Programfiler\Spotify\spotify.exe [C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009.02.25 20:56:58 | 02,517,888 | ---- | M] (Spotify AB)
    "C:\Programfiler\uTorrent\uTorrent.exe" -> C:\Programfiler\uTorrent\uTorrent.exe [C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009.02.07 01:11:41 | 00,270,128 | ---- | M] (BitTorrent, Inc.)
    "C:\Programfiler\WinMX\WinMX.exe" -> C:\Programfiler\WinMX\WinMX.exe [C:\Programfiler\WinMX\WinMX.exe:*:Enabled:WinMX Application] -> File not found
    "C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> File not found
    "C:\WINDOWS\system32\cdiodytjqo.exe" -> C:\WINDOWS\system32\cdiodytjqo.exe [C:\WINDOWS\system32\cdiodytjqo.exe:*:Disabled:cdiodytjqo] -> File not found
    "D:\Spill\LOTR\game.dat" -> D:\Spill\LOTR\game.dat [D:\Spill\LOTR\game.dat:*:Disabled:Kampen om Midgard(tm)] -> File not found
    "D:\Spill\Valve\Steam\Steam.exe" -> D:\Spill\Valve\Steam\Steam.exe [D:\Spill\Valve\Steam\Steam.exe:*:Enabled:Steam] -> File not found
    "D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe" -> D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe [D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
    "D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe" -> D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe [D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
    "D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe" -> D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe [D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM-driver -> 
    "ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008.04.13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\FELLES~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007.01.17 15:50:17 | 00,000,050 | ---- | M] ()
    H:\AUTOEXEC.BAT [] -> H:\AUTOEXEC.BAT [ NTFS ] -> [2008.03.17 11:41:11 | 00,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
     
     
    [Files/Folders - Created Within 30 Days]
    OTScanIt2 -> %UserProfile%\OTScanIt2 -> [2009.03.16 20:20:14 | 00,000,000 | ---D | C]
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009.03.15 23:05:29 | 00,000,000 | ---D | C]
    Malwarebytes -> %AppData%\Malwarebytes -> [2009.03.15 10:35:30 | 00,000,000 | ---D | C]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009.03.15 10:35:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Skrivebord\Malwarebytes' Anti-Malware.lnk -> [2009.03.15 10:35:29 | 00,000,697 | ---- | C] ()
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009.03.15 10:35:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009.03.15 10:35:26 | 00,000,000 | ---D | C]
    Malwarebytes -> %AllUsersProfile%\Programdata\Malwarebytes -> [2009.03.15 10:35:26 | 00,000,000 | ---D | C]
    NEU -> %UserProfile%\Skrivebord\NEU -> [2009.03.14 13:34:24 | 00,000,000 | ---D | C]
    Siste -> %UserProfile%\Siste -> [2009.03.14 13:29:36 | 00,000,000 | RH-D | C]
    rsit -> %SystemDrive%\rsit -> [2009.03.13 20:39:47 | 00,000,000 | ---D | C]
    user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009.03.13 20:15:23 | 00,578,560 | ---- | C] (Microsoft Corporation)
    ERUNT -> %SystemRoot%\ERUNT -> [2009.03.13 20:14:28 | 00,000,000 | ---D | C]
    pss -> %SystemRoot%\pss -> [2009.03.13 20:09:06 | 00,000,000 | ---D | C]
    SDFix -> %SystemDrive%\SDFix -> [2009.03.11 23:08:52 | 00,000,000 | ---D | C]
    .recently-used.xbel -> %UserProfile%\.recently-used.xbel -> [2009.03.11 10:18:48 | 00,046,440 | ---- | C] ()
    SopCast.lnk -> %UserProfile%\Skrivebord\SopCast.lnk -> [2009.03.10 19:26:33 | 00,000,665 | ---- | C] ()
    SopCast -> %ProgramFiles%\SopCast -> [2009.03.10 19:26:32 | 00,000,000 | ---D | C]
    Setup-SopCast-3.0.3-2008-4-30.exe -> %UserProfile%\Skrivebord\Setup-SopCast-3.0.3-2008-4-30.exe -> [2009.03.10 19:25:40 | 03,187,458 | ---- | C] ()
    ERDNT -> %SystemRoot%\ERDNT -> [2009.03.10 14:04:34 | 00,000,000 | ---D | C]
    NTREGOPT.lnk -> %UserProfile%\Skrivebord\NTREGOPT.lnk -> [2009.03.10 13:58:15 | 00,000,612 | ---- | C] ()
    ERUNT.lnk -> %UserProfile%\Skrivebord\ERUNT.lnk -> [2009.03.10 13:58:15 | 00,000,593 | ---- | C] ()
    ERUNT -> %ProgramFiles%\ERUNT -> [2009.03.10 13:58:14 | 00,000,000 | ---D | C]
    HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk -> [2009.03.10 13:34:57 | 00,001,731 | ---- | C] ()
    Trend Micro -> %ProgramFiles%\Trend Micro -> [2009.03.10 13:34:57 | 00,000,000 | ---D | C]
    iTunes.lnk -> %AllUsersProfile%\Skrivebord\iTunes.lnk -> [2009.03.10 13:08:09 | 00,002,341 | ---- | C] ()
    iPod -> %ProgramFiles%\iPod -> [2009.03.10 13:07:59 | 00,000,000 | ---D | C]
    {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2009.03.10 13:07:57 | 00,000,000 | ---D | C]
    QuickTime Player.lnk -> %AllUsersProfile%\Skrivebord\QuickTime Player.lnk -> [2009.03.10 13:07:40 | 00,001,605 | ---- | C] ()
    QuickTime -> %ProgramFiles%\QuickTime -> [2009.03.10 13:07:30 | 00,000,000 | ---D | C]
    Apple Software Update -> %ProgramFiles%\Apple Software Update -> [2009.03.10 13:07:21 | 00,000,000 | ---D | C]
    Apple -> %CommonProgramFiles%\Apple -> [2009.03.10 13:07:11 | 00,000,000 | ---D | C]
    iTunes Library.itl -> %UserProfile%\Mine dokumenter\iTunes Library.itl -> [2009.03.10 12:48:38 | 43,156,928 | ---- | C] ()
    iTunes Library.itl -> %UserProfile%\Skrivebord\iTunes Library.itl -> [2009.03.10 12:48:04 | 43,156,928 | ---- | C] ()
    Spybot - Search & Destroy.lnk -> %UserProfile%\Skrivebord\Spybot - Search & Destroy.lnk -> [2009.03.09 20:34:13 | 00,000,932 | ---- | C] ()
    Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2009.03.09 20:34:04 | 00,000,000 | ---D | C]
    Spybot - Search & Destroy -> %AllUsersProfile%\Programdata\Spybot - Search & Destroy -> [2009.03.09 20:34:04 | 00,000,000 | ---D | C]
    Spotify -> %UserProfile%\Lokale innstillinger\Programdata\Spotify -> [2009.03.09 19:37:46 | 00,000,000 | ---D | C]
    Spotify -> %AppData%\Spotify -> [2009.03.09 19:37:46 | 00,000,000 | ---D | C]
    Spotify.lnk -> %UserProfile%\Skrivebord\Spotify.lnk -> [2009.03.09 19:37:45 | 00,000,665 | ---- | C] ()
    Spotify -> %ProgramFiles%\Spotify -> [2009.03.09 19:37:44 | 00,000,000 | ---D | C]
    Thumbs.db -> %UserProfile%\Skrivebord\Thumbs.db -> [2009.03.09 18:08:10 | 00,009,728 | -HS- | C] ()
    heat.jpg -> %UserProfile%\Skrivebord\heat.jpg -> [2009.03.09 18:08:01 | 00,073,350 | ---- | C] ()
    lame-398-2 -> %SystemDrive%\lame-398-2 -> [2009.03.05 16:28:32 | 00,000,000 | ---D | C]
    toneichgut.jpg -> %UserProfile%\Skrivebord\toneichgut.jpg -> [2009.03.05 02:07:02 | 00,193,149 | ---- | C] ()
    FileZilla Server Interface.lnk -> %UserProfile%\Skrivebord\FileZilla Server Interface.lnk -> [2009.03.05 01:44:13 | 00,001,743 | ---- | C] ()
    FileZilla Server -> %ProgramFiles%\FileZilla Server -> [2009.03.05 01:39:39 | 00,000,000 | ---D | C]
    Ny mappe -> %UserProfile%\Skrivebord\Ny mappe -> [2009.03.05 00:59:53 | 00,000,000 | ---D | C]
    phedit.ini -> %SystemRoot%\phedit.ini -> [2009.03.01 19:07:09 | 00,000,250 | ---- | C] ()
    msvcrt10.dll -> %SystemRoot%\System32\msvcrt10.dll -> [2009.03.01 18:57:01 | 00,210,944 | ---- | C] ()
    fmachine.ini -> %SystemRoot%\fmachine.ini -> [2009.03.01 18:57:01 | 00,005,515 | ---- | C] ()
    VCW VicMan's Photo Editor -> %ProgramFiles%\VCW VicMan's Photo Editor -> [2009.03.01 18:57:01 | 00,000,000 | ---D | C]
    Karen's Power Tools -> %UserProfile%\Lokale innstillinger\Programdata\Karen's Power Tools -> [2009.03.01 10:24:57 | 00,000,000 | ---D | C]
    Karen's Power Tools -> %ProgramFiles%\Karen's Power Tools -> [2009.03.01 10:24:54 | 00,000,000 | ---D | C]
    Karen's Power Tools -> %AllUsersProfile%\Programdata\Karen's Power Tools -> [2009.03.01 10:24:45 | 00,000,000 | ---D | C]
    CCleaner.lnk -> %UserProfile%\Skrivebord\CCleaner.lnk -> [2009.03.01 10:16:57 | 00,001,545 | ---- | C] ()
    Daten.lnk -> %UserProfile%\Skrivebord\Daten.lnk -> [2009.02.28 22:57:35 | 00,001,132 | ---- | C] ()
    ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [2009.02.28 18:41:22 | 00,000,048 | -H-- | C] ()
    skypePM -> %AppData%\skypePM -> [2009.02.28 18:41:21 | 00,000,000 | ---D | C]
    Skype -> %AppData%\Skype -> [2009.02.28 18:39:16 | 00,000,000 | ---D | C]
    Skype -> %CommonProgramFiles%\Skype -> [2009.02.28 18:35:31 | 00,000,000 | ---D | C]
    Skype -> %ProgramFiles%\Skype -> [2009.02.28 18:35:29 | 00,000,000 | R--D | C]
    Skype -> %AllUsersProfile%\Programdata\Skype -> [2009.02.28 18:35:24 | 00,000,000 | ---D | C]
    AudFile.dll -> %SystemRoot%\System32\AudFile.dll -> [2009.02.28 13:27:52 | 01,986,560 | ---- | C] (NCT Company Ltd.)
    AudioInfos.dll -> %SystemRoot%\System32\AudioInfos.dll -> [2009.02.28 13:27:52 | 01,212,416 | ---- | C] (NCT Company Ltd.)
    AudioVisu.dll -> %SystemRoot%\System32\AudioVisu.dll -> [2009.02.28 13:27:52 | 00,479,232 | ---- | C] (NCT Company Ltd.)
    AudPlayer.dll -> %SystemRoot%\System32\AudPlayer.dll -> [2009.02.28 13:27:52 | 00,458,752 | ---- | C] (NCT Company Ltd.)
    AudioRecord.dll -> %SystemRoot%\System32\AudioRecord.dll -> [2009.02.28 13:27:52 | 00,454,656 | ---- | C] (NCT Company Ltd.)
    AudDisplay.dll -> %SystemRoot%\System32\AudDisplay.dll -> [2009.02.28 13:27:52 | 00,417,792 | ---- | C] (NCT Company Ltd.)
    COMCT232.OCX -> %SystemRoot%\System32\COMCT232.OCX -> [2009.02.28 13:27:52 | 00,164,144 | ---- | C] (Microsoft Corporation)
    NCTWMAProfiles.prx -> %SystemRoot%\System32\NCTWMAProfiles.prx -> [2009.02.28 13:27:52 | 00,116,296 | ---- | C] ()
    AudDesign.dll -> %SystemRoot%\System32\AudDesign.dll -> [2009.02.28 13:27:51 | 02,084,864 | ---- | C] (NCT Company Ltd.)
    TABCTL32.OCX -> %SystemRoot%\System32\TABCTL32.OCX -> [2009.02.28 13:27:51 | 00,224,016 | ---- | C] (Microsoft Corporation)
    MSCMCFR.DLL -> %SystemRoot%\System32\MSCMCFR.DLL -> [2009.02.28 13:27:51 | 00,141,312 | ---- | C] (Microsoft Corporation)
    VB6FR.DLL -> %SystemRoot%\System32\VB6FR.DLL -> [2009.02.28 13:27:51 | 00,119,568 | ---- | C] (Microsoft Corporation)
    msinet.OCX -> %SystemRoot%\System32\msinet.OCX -> [2009.02.28 13:27:51 | 00,115,920 | ---- | C] (Microsoft Corporation)
    VB6STKIT.DLL -> %SystemRoot%\System32\VB6STKIT.DLL -> [2009.02.28 13:27:51 | 00,101,888 | ---- | C] (Microsoft Corporation)
    Mscc2fr.dll -> %SystemRoot%\System32\Mscc2fr.dll -> [2009.02.28 13:27:51 | 00,059,904 | ---- | C] (Microsoft Corporation)
    CMDLGFR.DLL -> %SystemRoot%\System32\CMDLGFR.DLL -> [2009.02.28 13:27:51 | 00,032,768 | ---- | C] (Microsoft Corporation)
    TABCTFR.DLL -> %SystemRoot%\System32\TABCTFR.DLL -> [2009.02.28 13:27:51 | 00,021,504 | ---- | C] (Microsoft Corporation)
    inetfr.DLL -> %SystemRoot%\System32\inetfr.DLL -> [2009.02.28 13:27:51 | 00,015,360 | ---- | C] (Microsoft Corporation)
    lame_enc.dll -> %SystemRoot%\System32\lame_enc.dll -> [2009.02.28 13:27:50 | 00,484,352 | ---- | C] ()
    Free Audio Pack -> %ProgramFiles%\Free Audio Pack -> [2009.02.28 13:27:50 | 00,000,000 | ---D | C]
    Processing -> %UserProfile%\Mine dokumenter\Processing -> [2009.02.28 00:37:04 | 00,000,000 | ---D | C]
    Processing -> %AppData%\Processing -> [2009.02.28 00:37:04 | 00,000,000 | ---D | C]
    Audacity -> %ProgramFiles%\Audacity -> [2009.02.26 02:04:26 | 00,000,000 | ---D | C]
    iTunes Rettung -> %SystemDrive%\iTunes Rettung -> [2009.02.24 23:53:26 | 00,000,000 | ---D | C]
    iTunes -> %ProgramFiles%\iTunes -> [2009.02.24 23:33:01 | 00,000,000 | ---D | C]
    tunichtgut.png -> %UserProfile%\tunichtgut.png -> [2009.02.22 16:15:59 | 02,364,694 | ---- | C] ()
    gtk-2.0 -> %AppData%\gtk-2.0 -> [2009.02.22 16:15:59 | 00,000,000 | ---D | C]
    Ashampoo -> %AppData%\Ashampoo -> [2009.02.21 20:07:46 | 00,000,000 | ---D | C]
    ashampoo -> %UserProfile%\Lokale innstillinger\Programdata\ashampoo -> [2009.02.21 20:07:33 | 00,000,000 | ---D | C]
    ashampoo -> %AllUsersProfile%\Programdata\ashampoo -> [2009.02.21 20:07:33 | 00,000,000 | ---D | C]
    Ashampoo -> %ProgramFiles%\Ashampoo -> [2009.02.21 20:07:30 | 00,000,000 | ---D | C]
    IrfanView -> %ProgramFiles%\IrfanView -> [2009.02.21 18:27:48 | 00,000,000 | ---D | C]
    .thumbnails -> %UserProfile%\.thumbnails -> [2009.02.21 17:52:30 | 00,000,000 | ---D | C]
    .gimp-2.6 -> %UserProfile%\.gimp-2.6 -> [2009.02.21 17:52:00 | 00,000,000 | ---D | C]
    .gegl-0.0 -> %UserProfile%\.gegl-0.0 -> [2009.02.21 17:51:56 | 00,000,000 | ---D | C]
    GIMP-2.0 -> %ProgramFiles%\GIMP-2.0 -> [2009.02.21 17:51:33 | 00,000,000 | ---D | C]
    TVAnts -> %ProgramFiles%\TVAnts -> [2009.02.21 14:52:50 | 00,000,000 | ---D | C]
    hidserv.dll -> %SystemRoot%\System32\hidserv.dll -> [2009.02.19 13:34:48 | 00,021,504 | ---- | C] (Microsoft Corporation)
    hidserv.dll -> %SystemRoot%\System32\dllcache\hidserv.dll -> [2009.02.19 13:34:48 | 00,021,504 | ---- | C] (Microsoft Corporation)
    mouhid.sys -> %SystemRoot%\System32\drivers\mouhid.sys -> [2009.02.19 13:34:47 | 00,012,160 | ---- | C] (Microsoft Corporation)
    mouhid.sys -> %SystemRoot%\System32\dllcache\mouhid.sys -> [2009.02.19 13:34:47 | 00,012,160 | ---- | C] (Microsoft Corporation)
    kbdhid.sys -> %SystemRoot%\System32\drivers\kbdhid.sys -> [2009.02.19 13:34:46 | 00,014,592 | ---- | C] (Microsoft Corporation)
    kbdhid.sys -> %SystemRoot%\System32\dllcache\kbdhid.sys -> [2009.02.19 13:34:46 | 00,014,592 | ---- | C] (Microsoft Corporation)
    hidusb.sys -> %SystemRoot%\System32\drivers\hidusb.sys -> [2009.02.19 13:34:40 | 00,010,368 | ---- | C] (Microsoft Corporation)
    hidusb.sys -> %SystemRoot%\System32\dllcache\hidusb.sys -> [2009.02.19 13:34:40 | 00,010,368 | ---- | C] (Microsoft Corporation)
    usbccgp.sys -> %SystemRoot%\System32\drivers\usbccgp.sys -> [2009.02.19 13:34:36 | 00,032,128 | ---- | C] (Microsoft Corporation)
    usbccgp.sys -> %SystemRoot%\System32\dllcache\usbccgp.sys -> [2009.02.19 13:34:36 | 00,032,128 | ---- | C] (Microsoft Corporation)
    Flurry.scr -> %SystemRoot%\Flurry.scr -> [2009.02.19 00:23:00 | 00,118,845 | ---- | C] (Matt Ginzton)
    Texte -> %UserProfile%\Mine dokumenter\Texte -> [2009.02.18 23:48:34 | 00,000,000 | ---D | C]
     
    [Files/Folders - Modified Within 30 Days]
    Perflib_Perfdata_19c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_19c.dat -> [2009.03.16 15:58:32 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_2ec.dat -> %SystemRoot%\Temp\Perflib_Perfdata_2ec.dat -> [2009.03.16 15:58:28 | 00,016,384 | ---- | M] ()
    nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009.03.16 15:58:15 | 00,181,438 | ---- | M] ()
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009.03.16 15:58:12 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009.03.16 15:58:08 | 00,002,048 | --S- | M] ()
    NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009.03.16 06:15:04 | 12,320,768 | -H-- | M] ()
    ntuser.ini -> %UserProfile%\ntuser.ini -> [2009.03.16 06:15:04 | 00,000,286 | -HS- | M] ()
    Perflib_Perfdata_134.dat -> %SystemRoot%\Temp\Perflib_Perfdata_134.dat -> [2009.03.16 06:04:07 | 00,016,384 | ---- | M] ()
    IconCache.db -> %UserProfile%\Lokale innstillinger\Programdata\IconCache.db -> [2009.03.15 23:18:07 | 04,956,044 | -H-- | M] ()
    Perflib_Perfdata_1d0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_1d0.dat -> [2009.03.15 22:45:27 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_188.dat -> %SystemRoot%\Temp\Perflib_Perfdata_188.dat -> [2009.03.15 11:10:01 | 00,016,384 | ---- | M] ()
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Skrivebord\Malwarebytes' Anti-Malware.lnk -> [2009.03.15 10:35:29 | 00,000,697 | ---- | M] ()
    Perflib_Perfdata_dc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_dc.dat -> [2009.03.15 10:24:34 | 00,016,384 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009.03.15 00:52:56 | 00,078,336 | ---- | M] ()
    Perflib_Perfdata_cc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_cc.dat -> [2009.03.14 18:56:03 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_e0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_e0.dat -> [2009.03.14 10:00:50 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_7a8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_7a8.dat -> [2009.03.13 20:33:57 | 00,016,384 | ---- | M] ()
    win.ini -> %SystemRoot%\win.ini -> [2009.03.13 20:32:29 | 00,000,637 | ---- | M] ()
    system.ini -> %SystemRoot%\system.ini -> [2009.03.13 20:32:29 | 00,000,227 | ---- | M] ()
    boot.ini -> %SystemDrive%\boot.ini -> [2009.03.13 20:32:29 | 00,000,211 | RHS- | M] ()
    HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009.03.13 20:16:04 | 00,000,686 | ---- | M] ()
    user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009.03.13 20:15:23 | 00,578,560 | ---- | M] (Microsoft Corporation)
    .recently-used.xbel -> %UserProfile%\.recently-used.xbel -> [2009.03.11 10:18:48 | 00,046,440 | ---- | M] ()
    SopCast.lnk -> %UserProfile%\Skrivebord\SopCast.lnk -> [2009.03.10 19:26:33 | 00,000,665 | ---- | M] ()
    NTREGOPT.lnk -> %UserProfile%\Skrivebord\NTREGOPT.lnk -> [2009.03.10 13:58:15 | 00,000,612 | ---- | M] ()
    ERUNT.lnk -> %UserProfile%\Skrivebord\ERUNT.lnk -> [2009.03.10 13:58:15 | 00,000,593 | ---- | M] ()
    HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk -> [2009.03.10 13:34:57 | 00,001,731 | ---- | M] ()
    iTunes.lnk -> %AllUsersProfile%\Skrivebord\iTunes.lnk -> [2009.03.10 13:21:39 | 00,002,341 | ---- | M] ()
    QuickTime Player.lnk -> %AllUsersProfile%\Skrivebord\QuickTime Player.lnk -> [2009.03.10 13:07:40 | 00,001,605 | ---- | M] ()
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009.03.09 20:41:17 | 00,114,968 | ---- | M] ()
    Spybot - Search & Destroy.lnk -> %UserProfile%\Skrivebord\Spybot - Search & Destroy.lnk -> [2009.03.09 20:34:13 | 00,000,932 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT -> [2009.03.09 20:33:12 | 00,018,040 | ---- | M] ()
    Spotify.lnk -> %UserProfile%\Skrivebord\Spotify.lnk -> [2009.03.09 19:37:45 | 00,000,665 | ---- | M] ()
    Thumbs.db -> %UserProfile%\Skrivebord\Thumbs.db -> [2009.03.09 18:08:11 | 00,009,728 | -HS- | M] ()
    heat.jpg -> %UserProfile%\Skrivebord\heat.jpg -> [2009.03.09 18:08:02 | 00,073,350 | ---- | M] ()
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009.03.08 22:40:19 | 00,002,262 | ---- | M] ()
    toneichgut.jpg -> %UserProfile%\Skrivebord\toneichgut.jpg -> [2009.03.05 02:07:03 | 00,193,149 | ---- | M] ()
    FileZilla Server Interface.lnk -> %UserProfile%\Skrivebord\FileZilla Server Interface.lnk -> [2009.03.05 01:44:13 | 00,001,743 | ---- | M] ()
    phedit.ini -> %SystemRoot%\phedit.ini -> [2009.03.01 19:07:09 | 00,000,250 | ---- | M] ()
    CCleaner.lnk -> %UserProfile%\Skrivebord\CCleaner.lnk -> [2009.03.01 10:16:57 | 00,001,545 | ---- | M] ()
    Daten.lnk -> %UserProfile%\Skrivebord\Daten.lnk -> [2009.02.28 22:58:08 | 00,001,132 | ---- | M] ()
    ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [2009.02.28 18:41:22 | 00,000,048 | -H-- | M] ()
    tunichtgut.png -> %UserProfile%\tunichtgut.png -> [2009.02.22 16:15:59 | 02,364,694 | ---- | M] ()
    iTunes Library.itl -> %UserProfile%\Skrivebord\iTunes Library.itl -> [2009.02.19 15:22:15 | 43,156,928 | ---- | M] ()
    iTunes Library.itl -> %UserProfile%\Mine dokumenter\iTunes Library.itl -> [2009.02.19 15:22:15 | 43,156,928 | ---- | M] ()
    qmgr0.dat -> %AllUsersProfile%\Programdata\Microsoft\Network\Downloader\qmgr0.dat -> [2009.01.14 21:12:11 | 00,004,646 | ---- | M] ()
    qmgr1.dat -> %AllUsersProfile%\Programdata\Microsoft\Network\Downloader\qmgr1.dat -> [2009.01.14 21:12:11 | 00,004,232 | ---- | M] ()
    data.dat -> %AllUsersProfile%\Programdata\Microsoft\Office\Data\data.dat -> [2004.12.01 21:26:30 | 00,001,372 | ---- | M] ()
     
    [Alternate Data Streams]
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Mine dokumenter\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Skrivebord\Thumbs.db:encryptable
    @Alternate Data Stream - 165 bytes -> %AllUsersProfile%\Programdata\TEMP:B3D74A13
    [CatchMe Rootkit Scan by GMER]
    < Windows folder & sub-folders >
    scanning hidden processes ...
    IPC error: 2 Systemet finner ikke angitt fil.
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 5
    < Document and Settings folder & sub folders >
    scanning hidden files ...
    IPC error: 2 Systemet finner ikke angitt fil.
    C:\Documents and Settings\All Users\Programdata\TEMP:B3D74A13 165 bytes
    scan completed successfully
    hidden files: 106
     
    < End of report >

  5. #15
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi berliner

    Logs look good. How's the computer running now? Any problems?

  6. #16
    Junior Member
    Join Date
    Mar 2009
    Posts
    11


    Well, iTunes is slow, but I can live with that if you tell me I'm clean...

    What's manager32.exe? What else did I remove? How did I get it? Do I need more protection than xpantispy, ccleaner, s&d, avg? Can I get rid of all the anti-malware stuff I downloaded?

    What did I tell the world about me with my logs?


    Many thanks for the help!! And until next time


    Berliner

  7. #17
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi berliner
    What's manager32.exe?
    It is a bad guy, but it was gone, and therefore it could not be found.
    What else did I remove?
    There was not anything dangerous.
    Do I need more protection than xpantispy, ccleaner, s&d, avg?
    Not really, but you can read some information here on how to prevent malware.
    Can I get rid of all the anti-malware stuff I downloaded?
    We will do it a bit later.
    What did I tell the world about me with my logs?
    All about yourself

    We will run one online scan to be sure that there is nothing left.

    1 - Clean temp files

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

      Under Main choose:
      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.

      If you use Firefox:
      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      If you use Opera:
      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


      Click Exit on the Main menu to close the program


    2 - Kaspersky Online Scan

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.


    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

    4 - Status Check
    Please reply with

    1. the ComboFix log
    2. the Kaspersky online scanner report
    3. a fresh HijackThis log

    Thanks peku006

  8. #18
    Junior Member
    Join Date
    Mar 2009
    Posts
    11


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, March 18, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, March 18, 2009 08:13:00
    Records in database: 1926270
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 118493
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:16:00


    File name / Threat name / Threats count
    C:\WINDOWS\system32\madCHook.dll Infected: not-a-virus:RiskTool.Win32.Hooker.a 1

    The selected area was scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:48:57, on 18.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Programfiler\Java\jre6\bin\java.exe
    C:\Documents and Settings\Kødde\Lokale innstillinger\Temp\jkos-Kødde\binaries\ScanningProcess.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6498 bytes



    Combofix?
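The `O23 - Service` lines in the HijackThis log above carry two literal markers worth a second look when reading such a log: `Unknown owner` and `(file missing)`. The Python sketch below is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical, and it assumes that neither the owner nor the path field contains " - ".

```python
import re
from collections import defaultdict
# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
End of file - 6498 bytes
"""

# Section code (R0, O4, O23, ...), then " - ", then the entry body.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")

def parse_entries(log_text):
    """Group entry bodies by section code; non-entry lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)

def parse_service(body):
    """Split an O23 body into name, owner, path and a file-missing flag."""
    rest = body[len("Service: "):] if body.startswith("Service: ") else body
    # Assumption: owner and path never contain " - ", so split from the right.
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[:-len("(file missing)")].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def services_to_review(log_text):
    """Return (name, path, reasons) for O23 services that need a manual check."""
    flagged = []
    for svc in filter(None, map(parse_service, parse_entries(log_text).get("O23", []))):
        checks = (("unknown owner", svc["owner"] == "Unknown owner"), ("file missing", svc["missing"]))
        reasons = [label for label, hit in checks if hit]
        if reasons:
            flagged.append((svc["name"], svc["path"], reasons))
    return flagged

if __name__ == "__main__":
    for name, path, reasons in services_to_review(SAMPLE_LOG):
        print(f"{name}: {path} [{', '.join(reasons)}]")
```

A flag here is a prompt to check the service by hand, not a verdict: a service entry left behind by an uninstalled product shows up the same way.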

  9. #19
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi berliner

    Next we remove all used tools.

    Delete RSIT from your desktop, also delete this folder C:\rsit.

    Delete FileLook from your desktop, also delete this file C:\fl_log.txt

    Now let's uninstall ComboFix:

    • Click START then RUN
    • Now type Combofix /u in the Run box and click OK


    and finally

    • Double-click OTMoveIt3.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.



    everything looks good except......

    it seems you don't have any evidence of a third party firewall.

    As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

    1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
    2) Online Armor
    3) PC Tools
    4) Sunbelt/Kerio
    5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at a time.

    How's the computer running now? Any problems?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  10. #20
    Junior Member
    Join Date
    Mar 2009
    Posts
    11


    Many thanks again. Armoured now. What about the tea timer?
