Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I'm pretty sure there are some trojan or key loggers.

by KillerTapper666 » October 12th, 2009, 1:50 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:18:38, on 12.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\scheduler.exe
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Norman\Nvc\Bin\Nip.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\Norman\Nvc\Bin\cclaw.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Programfiler\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AROReminder] C:\Programfiler\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9d313d654768e) (gupdate1c9d313d654768e) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MpService - Canon Inc. - C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programfiler\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\scheduler.exe

--
End of file - 14279 bytes
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

by MWR 3 day Mod » October 15th, 2009, 1:11 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I'm pretty sure there are some trojan or key loggers.

by km2357 » October 15th, 2009, 2:27 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HijackThis log.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: I'm pretty sure there are some trojan or key loggers.

by km2357 » October 18th, 2009, 12:31 pm

KillerTapper666? Do you still need help?
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: I'm pretty sure there are some trojan or key loggers.

by KillerTapper666 » October 19th, 2009, 9:38 am

km2357 wrote: KillerTapper666? Do you still need help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:13, on 19.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\scheduler.exe
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Norman\Nvc\Bin\Nip.exe
C:\Programfiler\Norman\Nvc\Bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Advanced Registry Optimizer\aro.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Programfiler\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AROReminder] C:\Programfiler\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9d313d654768e) (gupdate1c9d313d654768e) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MpService - Canon Inc. - C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programfiler\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\scheduler.exe

--
End of file - 14096 bytes
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

by km2357 » October 19th, 2009, 2:42 pm

Thanks. :)


Step # 1: Disable Teatimer

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have version 1.5 or 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident


Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.



Step # 2: Remove HijackThis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Step # 3: Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 4: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click No.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL, for whatever reason(s), until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: I'm pretty sure there are some trojan or key loggers.

Post by KillerTapper666 » October 20th, 2009, 2:05 am

Step # 3 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

The DDS won't complete... have tried to download it from both links but it just blinks with an _ and won't run or pop anything :?
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

Post by km2357 » October 20th, 2009, 2:50 pm

The DDS won't complete... have tried to download it from both links but it just blinks with an _ and won't run or pop anything


Ok, let's try this:

Step # 1: Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post the two RSIT Logs (log and info.txt) and the GMER Log (from Step #4 in my last post) in your next post/reply. Use multiple posts if you can't get everything into one post.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: I'm pretty sure there are some trojan or key loggers.

Post by KillerTapper666 » October 21st, 2009, 8:15 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vegard at 2009-10-21 07:45:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 108 GB (71%) free of 153 GB
Total RAM: 894 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46:07, on 21.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Norman\Npm\Bin\scheduler.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\Norman\Nvc\Bin\Nip.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Norman\Nvc\Bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Norman\nvc\bin\nvcod.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vegard\Mine dokumenter\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Trend Micro\HijackThis\Vegard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Programfiler\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AROReminder] C:\Programfiler\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9d313d654768e) (gupdate1c9d313d654768e) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MpService - Canon Inc. - C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programfiler\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\scheduler.exe

--
End of file - 13926 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\HP Usg Daily FY04.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\Se etter oppdateringer for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Programfiler\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-04 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programfiler\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programfiler\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-24 256112]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Programfiler\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-01-04 344064]
"SetRefresh"=C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
"MPTBox"=C:\Programfiler\Canon\MultiPASS4\MPTBox.exe [2002-09-11 167936]
"Omnipage"=C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe [2002-02-20 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2004-04-06 172032]
"HPHUPD06"=c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-07-14 49152]
"HP Software Update"=c:\Programfiler\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-07-14 659456]
"Symantec PIF AlertEng"=C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Norman ZANDA"=C:\Programfiler\Norman\Npm\Bin\ZLH.EXE [2009-10-07 189824]
"NPCTray"=C:\Programfiler\Norman\npc\bin\npc_tray.exe [2009-10-07 128328]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programfiler\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-03 68856]
"MSMSGS"=C:\Programfiler\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Programfiler\Skype\Phone\Skype.exe [2009-04-16 24264488]
"AROReminder"=C:\Programfiler\Advanced Registry Optimizer\aro.exe [2008-08-22 2084480]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\digital imaging\bin\hpqtra08.exe
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Sonic CinePlayer Quick Launch.lnk - C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe

C:\Documents and Settings\Vegard\Start-meny\Programmer\Oppstart
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-05 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programfiler\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\LimeWire\LimeWire.exe"="C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\All Users\Programdata\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Programdata\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Programfiler\Pando Networks\Media Booster\PMB.exe"="C:\Programfiler\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Programdata\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Programdata\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\NGM\NGM.exe"="C:\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 3 months======

2009-10-21 07:45:48 ----D---- C:\rsit
2009-10-21 07:05:32 ----D---- C:\WINDOWS\LastGood
2009-10-20 08:00:01 ----HD---- C:\WINDOWS\PIF
2009-10-15 03:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 03:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 03:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 03:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 14:34:13 ----D---- C:\Programfiler\iPod
2009-10-13 14:34:06 ----D---- C:\Programfiler\iTunes
2009-10-13 14:34:06 ----D---- C:\Documents and Settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 14:31:48 ----D---- C:\Programfiler\QuickTime
2009-10-13 14:26:12 ----D---- C:\Programfiler\Safari
2009-10-12 22:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 07:18:07 ----D---- C:\Programfiler\Trend Micro
2009-10-11 20:15:56 ----D---- C:\Documents and Settings\Vegard\Programdata\Malwarebytes
2009-10-11 20:15:47 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2009-10-11 20:15:46 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2009-10-11 19:23:51 ----D---- C:\Programfiler\Spybot - Search & Destroy
2009-10-11 19:23:51 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2009-10-11 19:13:30 ----D---- C:\Documents and Settings\Vegard\Programdata\Sammsoft
2009-10-11 19:13:13 ----D---- C:\Programfiler\AskBarDis
2009-10-11 19:13:12 ----D---- C:\Programfiler\Advanced Registry Optimizer
2009-09-13 09:15:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-13 09:15:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-13 09:15:28 ----A---- C:\WINDOWS\system32\java.exe
2009-09-10 08:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 08:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 08:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-08-28 15:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-28 03:09:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-28 03:09:22 ----D---- C:\Programfiler\MSBuild
2009-08-28 03:09:18 ----D---- C:\WINDOWS\system32\en-US
2009-08-28 03:09:08 ----D---- C:\Programfiler\Reference Assemblies
2009-08-28 03:07:58 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-28 03:07:57 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-28 03:07:57 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-28 03:07:56 ----D---- C:\05915b1aef4389a01a7e5d56059f
2009-08-27 03:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-26 20:11:38 ----D---- C:\Programfiler\Mozilla Firefox
2009-08-25 19:41:12 ----D---- C:\Documents and Settings\Vegard\Programdata\Spotify
2009-08-25 19:41:08 ----D---- C:\Programfiler\Spotify
2009-08-24 20:32:31 ----D---- C:\Documents and Settings\Vegard\Programdata\AdobeUM
2009-08-24 20:29:12 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-24 20:29:12 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-24 20:29:12 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-24 20:29:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-24 20:29:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-24 20:29:09 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-24 20:29:08 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-24 20:29:07 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-08-24 20:29:07 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-08-24 20:29:07 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-08-24 20:29:06 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-08-24 20:29:06 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-08-24 20:29:05 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-08-24 20:29:05 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-08-24 20:29:04 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-08-24 20:29:04 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-08-24 20:29:04 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-08-24 20:29:03 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-08-24 20:29:03 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-08-24 20:29:02 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-08-24 20:29:01 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-08-24 20:29:01 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-08-24 20:29:01 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-08-24 20:29:00 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-08-24 20:28:59 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-08-24 20:28:59 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-08-24 20:28:59 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-08-24 20:28:58 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-08-24 20:28:58 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-08-24 20:28:57 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-08-24 20:28:56 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-24 20:28:56 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-24 20:28:56 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-24 20:28:55 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-08-24 20:28:54 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-08-24 20:28:54 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-08-24 20:28:53 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-08-24 20:28:53 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-08-24 20:28:52 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-08-24 20:28:52 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-08-24 20:28:51 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-08-24 20:28:50 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-08-24 20:28:50 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-08-24 20:28:50 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-08-24 20:28:50 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-08-24 20:28:49 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-24 20:28:49 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-08-24 20:28:47 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-08-24 20:28:46 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-08-24 20:28:46 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-08-24 20:28:45 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-08-24 20:28:44 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-08-24 20:28:44 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-08-24 20:28:44 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-08-24 20:28:43 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-08-24 20:28:43 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-08-24 20:28:43 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-08-24 20:28:42 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-08-24 20:28:42 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-08-24 20:28:41 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-08-24 20:28:40 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-08-24 20:28:40 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-08-24 20:28:36 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-08-24 20:28:35 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-08-24 20:28:35 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-08-24 20:28:35 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-08-24 20:28:34 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-08-24 20:28:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-08-24 20:28:33 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-08-24 20:28:33 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-08-24 20:28:32 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-08-24 20:28:29 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-08-24 20:27:20 ----HD---- C:\WINDOWS\msdownld.tmp
2009-08-24 20:27:11 ----D---- C:\WINDOWS\Logs
2009-08-23 07:59:12 ----D---- C:\Fraps
2009-08-22 12:01:38 ----AD---- C:\Documents and Settings\All Users\Programdata\TEMP
2009-08-20 16:09:11 ----D---- C:\Documents and Settings\All Users\Programdata\Blizzard Entertainment
2009-08-17 23:33:52 ----A---- C:\WINDOWS\system32\FM20.DLL
2009-08-13 22:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 22:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 22:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 22:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 22:41:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 22:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 22:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 22:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 22:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 3 months======

2009-10-21 07:45:31 ----D---- C:\WINDOWS\Prefetch
2009-10-21 07:13:31 ----D---- C:\Documents and Settings\Vegard\Programdata\Skype
2009-10-21 07:08:00 ----D---- C:\Documents and Settings\Vegard\Programdata\skypePM
2009-10-21 07:07:29 ----D---- C:\WINDOWS\Temp
2009-10-21 07:05:55 ----HD---- C:\WINDOWS\inf
2009-10-21 07:05:55 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 07:05:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-21 07:05:32 ----D---- C:\WINDOWS
2009-10-21 07:05:28 ----D---- C:\Programfiler\Norman
2009-10-21 07:05:20 ----D---- C:\WINDOWS\system32
2009-10-20 21:21:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-15 03:29:13 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 03:29:10 ----RSD---- C:\WINDOWS\assembly
2009-10-15 03:21:06 ----HD---- C:\Config.Msi
2009-10-15 03:14:26 ----SHD---- C:\WINDOWS\Installer
2009-10-15 03:13:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-15 03:13:24 ----D---- C:\WINDOWS\WinSxS
2009-10-15 03:07:14 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 03:07:12 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-15 03:06:31 ----D---- C:\WINDOWS\system32\nb-no
2009-10-15 03:06:31 ----D---- C:\Programfiler\Internet Explorer
2009-10-15 03:06:21 ----D---- C:\WINDOWS\ie7updates
2009-10-15 03:05:43 ----D---- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2009-10-15 03:03:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 19:43:31 ----D---- C:\Programfiler\World of Warcraft
2009-10-13 14:45:25 ----D---- C:\Documents and Settings\Vegard\Programdata\Apple Computer
2009-10-13 14:35:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 14:34:13 ----RD---- C:\Programfiler
2009-10-13 14:34:11 ----D---- C:\Programfiler\Fellesfiler\Apple
2009-10-08 17:13:29 ----D---- C:\Programfiler\Bonjour
2009-10-08 17:01:21 ----SD---- C:\Documents and Settings\Vegard\Programdata\Microsoft
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-17 19:15:25 ----D---- C:\Documents and Settings\Vegard\Programdata\LimeWire
2009-09-13 09:15:23 ----D---- C:\Programfiler\Java
2009-09-11 16:20:28 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-08 20:27:36 ----D---- C:\Programfiler\Warcraft III
2009-09-04 23:05:29 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-29 09:32:54 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 09:32:53 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-08-29 09:32:53 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 09:32:52 ----A---- C:\WINDOWS\system32\url.dll
2009-08-29 09:32:52 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-08-29 09:32:52 ----A---- C:\WINDOWS\system32\occache.dll
2009-08-29 09:32:52 ----A---- C:\WINDOWS\system32\mstime.dll
2009-08-29 09:32:52 ----A---- C:\WINDOWS\system32\msrating.dll
2009-08-29 09:32:52 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-08-29 09:32:51 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 09:32:48 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 09:32:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 09:32:48 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 09:32:47 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 09:32:46 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-08-29 09:32:46 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 09:32:43 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-08-29 09:32:43 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-29 09:32:43 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-08-29 09:32:43 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\icardie.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\corpol.dll
2009-08-29 09:32:42 ----A---- C:\WINDOWS\system32\advpack.dll
2009-08-28 15:13:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-28 12:32:20 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-08-28 12:32:19 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-28 03:09:14 ----RSD---- C:\WINDOWS\Fonts
2009-08-28 03:08:36 ----D---- C:\WINDOWS\system32\spool
2009-08-27 07:18:41 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-08-26 20:26:12 ----A---- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2009-08-26 20:11:52 ----D---- C:\Documents and Settings\Vegard\Programdata\Mozilla
2009-08-26 10:02:23 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-24 20:31:54 ----D---- C:\Documents and Settings\Vegard\Programdata\Adobe
2009-08-24 20:29:15 ----D---- C:\WINDOWS\system32\DirectX
2009-08-13 22:40:48 ----D---- C:\Programfiler\Outlook Express
2009-08-13 17:25:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-05 11:01:51 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 19:30:22 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-04 19:30:22 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-prosessordriver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NGS;Norman General Security Driver; \??\c:\programfiler\norman\ngs\bin\ngs.sys []
R1 NPROSEC;Norman Security driver; \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys []
R1 TDI_RD;Norman Firewall TDI driver; \??\C:\WINDOWS\system32\drivers\TDI_RD.SYS []
R1 WS2IFSL;Windows Socket 2.0-støttemiljø for ikke-IFS-tjenesteleverandør; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 Ndiskio;Ndiskio; \??\C:\Programfiler\Norman\Nse\Bin\NDISKIO.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-05 1420288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-bussdriver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-01 4356608]
R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-10-08 21832]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniportdriver for Microsoft USB åpen vertskontroller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 P3;Intel PentiumIII-prosessordriver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S3 ac97intc;Installasjonstjeneste for Intel(r) 82801-lyddriver (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 E100B;Intel(R) PRO-kortdriver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-06 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 rtl8139;Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2002-09-25 169984]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-05 405504]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe [2009-10-07 152904]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MpService;MpService; C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE [2002-09-11 57344]
R2 Norman ZANDA;Norman ZANDA; C:\Programfiler\Norman\Npm\Bin\Zanda.exe [2009-10-07 411016]
R2 NPFSvc32;Norman Personal Firewall Service; C:\Programfiler\Norman\npf\bin\npfsvc32.exe [2009-10-07 599424]
R2 NPROSECSVC;Norman Security service; C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 124232]
R2 NVOY;Norman Resource Provider; C:\Programfiler\Norman\npm\bin\nvoy.exe [2009-10-07 128328]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 Norman NJeeves;Norman NJeeves; C:\Programfiler\Norman\Npm\Bin\Njeeves.exe [2009-10-07 276712]
R3 NPC;Norman Parental Control; C:\Programfiler\Norman\npc\bin\npcsvc32.exe [2009-10-07 419200]
R3 nsesvc;Norman Scanner Engine Service; C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE [2009-10-09 320840]
R3 NUAA;Norman User Activity Agent; C:\Programfiler\Norman\npc\bin\nuaa.exe [2009-10-07 124232]
R3 nvcoas;Norman Virus Control on-access component; C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe [2009-10-07 197960]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
R3 Scheduler;Norman Scheduler Service; C:\Programfiler\Norman\Npm\Bin\scheduler.exe [2009-10-07 132424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-04 520192]
S2 gupdate1c9d313d654768e;Googles oppdateringstjeneste (gupdate1c9d313d654768e); C:\Programfiler\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NVCScheduler;Norman Virus Control Scheduler; C:\Programfiler\Norman\Npm\Bin\Nvcsched.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-21 07:46:12

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0414-0000-0000000FF1CE} /uninstall {3FE135E8-2B21-44ED-99CA-87C782C4F5F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0814-0000-0000000FF1CE} /uninstall {63BBC1EA-E390-403D-BFDE-B53E1D23FF46}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0414-0000-0000000FF1CE} /uninstall {3CC75FEB-8AA6-43F5-958E-0D074633CB2E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Programfiler\Fellesfiler\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programfiler\Fellesfiler\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Registry Optimizer-->"C:\Programfiler\Advanced Registry Optimizer\unins000.exe" /silent
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Programfiler\AskBarDis\unins000.exe"
ATI - Avinstalleringsverktøy for Programvaren-->C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Kontrollpanel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MultiPASS Suite 4.30-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{8A508AAA-3B69-4326-B89E-A6166FA05D3C}\mpmaster.exe" -l0x9 -Uninstall
Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -fC:\Programfiler\Canon\Easy-PhotoPrint\Uninst.isu -cC:\Programfiler\Canon\Easy-PhotoPrint\EZUNINST.DLL
Fraps-->"C:\Fraps\uninstall.exe"
Google Chrome-->"C:\Programfiler\Google\Chrome\Application\3.0.195.27\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x14 -removeonly
HP Image Zone 4.0-->C:\Programfiler\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hurtigreparasjon for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kritisk oppdatering for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
LimeWire 5.1.2-->"C:\Programfiler\LimeWire\uninstall.exe"
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Media Converter for Philips-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Norwegian Language Pack-->MsiExec.exe /X{3EAC35F4-FF26-4123-9404-0B5B93DAB570}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II-->"C:\Programfiler\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires-->C:\Programfiler\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007-->MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proofing (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE}
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE}
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.2)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norman Security Suite-->MsiExec.exe /X{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}
Norton Security Scan-->MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{0A77B7A0-B953-4E39-B4B2-A0181AB9AB06}
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Pando Media Booster-->C:\Programfiler\Pando Networks\Media Booster\uninst.exe
Photosmart 320,370,7400,8100,8400 Series (nob)-->C:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{B965A150-17AB-4EB1-AD98-33149DDBD928}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x14 -removeonly
Ricochet-->"C:\Programfiler\Valve\Steam\steam.exe" steam://uninstall/60
Roxio CinePlayer-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
SA60xx Device Manager-->C:\Programfiler\InstallShield Installation Information\{8A6AD979-8170-49ED-8529-14174317B281}\setup.exe -runfromtemp -l0x0009 -removeonly
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smartmenyer (Windows Live Toolbar)-->MsiExec.exe /X{12841457-E894-476B-B4AA-09F403E7B7C6}
Spotify-->"C:\Programfiler\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Uthevingsvisning (Windows Live Toolbar)-->MsiExec.exe /X{846F6102-3B56-4555-8D3D-E45A17C8BCC7}
Utvidelse for Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{DC752A56-5572-454C-9695-154ED6C1A5AB}
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Toolbar-->"C:\Programfiler\Windows Live Toolbar\UnInstall.exe" {C887E8F1-6500-46EA-BF73-3EF636159444}
Windows Live Toolbar-->MsiExec.exe /X{C887E8F1-6500-46EA-BF73-3EF636159444}
Windows Media Format 11 runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Programfiler\Fellesfiler\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-10-20]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norman Security Suite
FW: Norman Security Suite

======System event log======

Computer Name: HP15198192156
Event Code: 7035
Message: Pml Driver HPZ12-tjenesten har sendt en start-kontroll.
Record Number: 53147
Source Name: Service Control Manager
Time Written: 20090918073012.000000+120
Event Type: Informasjon
User: HP15198192156\Vegard

Computer Name: HP15198192156
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 gikk inn i tilstanden Kjører.

Record Number: 53146
Source Name: Service Control Manager
Time Written: 20090918073012.000000+120
Event Type: Informasjon
User:

Computer Name: HP15198192156
Event Code: 7036
Message: Tjenesten IMAPI CD-Burning COM Service gikk inn i tilstanden Kjører.

Record Number: 53145
Source Name: Service Control Manager
Time Written: 20090918073008.000000+120
Event Type: Informasjon
User:

Computer Name: HP15198192156
Event Code: 7035
Message: IMAPI CD-Burning COM Service-tjenesten har sendt en start-kontroll.
Record Number: 53144
Source Name: Service Control Manager
Time Written: 20090918073008.000000+120
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: HP15198192156
Event Code: 7036
Message: Tjenesten SSDP Discovery Service gikk inn i tilstanden Kjører.

Record Number: 53143
Source Name: Service Control Manager
Time Written: 20090918073005.000000+120
Event Type: Informasjon
User:

=====Application event log=====

Computer Name: HP15198192156
Event Code: 0
Message:
Record Number: 5
Source Name: gupdate1c9d313d654768e
Time Written: 20090613214352.000000+120
Event Type: Informasjon
User:

Computer Name: HP15198192156
Event Code: 0
Message:
Record Number: 4
Source Name: LiveUpdate Notice Service
Time Written: 20090613214326.000000+120
Event Type: Informasjon
User:

Computer Name: HP15198192156
Event Code: 0
Message:
Record Number: 3
Source Name: LiveUpdate Notice Service
Time Written: 20090613214323.000000+120
Event Type: Informasjon
User:

Computer Name: HP15198192156
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate1c9d313d654768e
Time Written: 20090613214322.000000+120
Event Type: Informasjon
User:

Computer Name: HP15198192156
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20090613214320.000000+120
Event Type: Informasjon
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\ATI Technologies\ATI Control Panel;%NpmLib%;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"NpmLib"=C:\Programfiler\Norman\Npm\Bin
"CLASSPATH"=.;C:\Programfiler\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

Post by KillerTapper666 » October 21st, 2009, 8:16 am

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-21 14:09:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Vegard\LOKALE~1\Temp\kxdoraog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateProcess [0xF75640D4]
SSDT \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateProcessEx [0xF7564104]
SSDT \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateThread [0xF75636FC]
SSDT \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwTerminateProcess [0xF7564488]
SSDT \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwWriteVirtualMemory [0xF7564134]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hphmon06.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\hphmon06.exe[252] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[256] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 17, 5F] {PUSH DS; ADD [EDI], DL; POP EDI}
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F0A0F5A
.text C:\Programfiler\Skype\Plugin Manager\skypePM.exe[708] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[788] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\HPZipm12.exe[1844] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!htons 71AA2E53 6 Bytes JMP 5F100F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 14, 5F] {PUSH DS; ADD [EDI+EBX*2], DL}
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F160F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!connect 71AA4A07 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F0A0F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F070F5A
.text C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe[1928] ws2_32.dll!accept 71AB1040 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[2000] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2000] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\DOCUME~1\Vegard\LOKALE~1\Temp\Midlertidig mappe 2 for gmer.zip\gmer.exe[2060] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\Vegard\LOKALE~1\Temp\Midlertidig mappe 2 for gmer.zip\gmer.exe[2060] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Java\jre6\bin\jusched.exe[2088] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[2200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[2200] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Norman\nvc\bin\nvcod.exe[2252] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F0A0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0E, 5F] {PUSH DS; ADD [ESI], CL; POP EDI}
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2508] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F130F5A
.text C:\Programfiler\iPod\bin\iPodService.exe[2732] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F160F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 1A, 5F] {PUSH DS; ADD [EDX], BL; POP EDI}
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F0A0F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F130F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F100F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\iTunes\iTunesHelper.exe[2752] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[2792] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[2792] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 08, 5F] {PUSH DS; ADD [EAX], CL; POP EDI}
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F0A0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[2940] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Programfiler\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Messenger\msmsgs.exe[3384] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F0A0F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0E, 5F] {PUSH DS; ADD [ESI], CL; POP EDI}
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe[3476] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Skype\Phone\Skype.exe[3532] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F100F5A
.text C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE[3824] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE[3824] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe[4020] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Canon\MultiPASS4\MPTBox.exe[4048] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe[4056] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe[4072] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!htons 71AA2E53 6 Bytes JMP 5F070F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!closesocket 71AA3E2B 6 Bytes JMP 5F0D0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!connect 71AA4A07 6 Bytes JMP 5F130F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!WSAEventSelect 71AA64D9 6 Bytes JMP 5F1F0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F1C0F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!WSAConnect 71AB0C81 6 Bytes JMP 5F190F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!WSAAccept 71AB0DC1 6 Bytes JMP 5F160F5A
.text C:\Programfiler\Google\Chrome\Application\chrome.exe[4080] WS2_32.DLL!accept 71AB1040 6 Bytes JMP 5F100F5A
.text C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe[4088] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F71B684A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F71B684A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F71B684A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F71B684A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F71B684A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F71B681C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F71B684A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F71B6594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F71B65F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\Tcp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\Udp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\RawIp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)

---- EOF - GMER 1.0.15 ----
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

Post by km2357 » October 21st, 2009, 2:53 pm

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.1.2

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: I'm pretty sure there are some trojan or key loggers.

Post by KillerTapper666 » October 22nd, 2009, 1:28 am

Lime Wire is gone and here comes a new log :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:00, on 22.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\scheduler.exe
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Norman\Nvc\Bin\Nip.exe
C:\Programfiler\Norman\Nvc\Bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\Programfiler\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Programfiler\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AROReminder] C:\Programfiler\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9d313d654768e) (gupdate1c9d313d654768e) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MpService - Canon Inc. - C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programfiler\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\scheduler.exe

--
End of file - 13797 bytes
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

Post by km2357 » October 22nd, 2009, 6:39 pm

Step # 1: Add/Remove Programs

Go to Start > Settings > Control Panel and click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Ask Toolbar

Reboot your Computer.


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: I'm pretty sure there are some trojan or key loggers.

Post by KillerTapper666 » October 23rd, 2009, 8:22 am

ComboFix 09-10-21.02 - Vegard 23.10.2009 8:10.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.894.286 [GMT 2:00]
Kjører fra: c:\documents and settings\Vegard\Mine dokumenter\Downloads\ComboFix.exe
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LHT3.tmp
C:\LHT4.tmp
c:\recycler\S-1-5-21-175210334-2896160362-2507446963-500

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-23 til 2009-10-23 )))))))))))))))))))))))))))))))))
.

2009-10-21 05:45 . 2009-10-21 05:46 -------- d-----w- C:\rsit
2009-10-20 06:00 . 2009-10-20 06:00 -------- d--h--w- c:\windows\PIF
2009-10-13 12:47 . 2009-10-13 12:47 25680 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-13 12:34 . 2009-10-13 12:34 -------- d-----w- c:\programfiler\iPod
2009-10-13 12:34 . 2009-10-13 12:35 -------- d-----w- c:\programfiler\iTunes
2009-10-13 12:34 . 2009-10-13 12:35 -------- d-----w- c:\documents and settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 12:31 . 2009-10-13 12:32 -------- d-----w- c:\programfiler\QuickTime
2009-10-13 12:26 . 2009-10-13 12:26 -------- d-----w- c:\programfiler\Safari
2009-10-12 05:18 . 2009-10-12 05:18 -------- d-----w- c:\programfiler\Trend Micro
2009-10-11 18:15 . 2009-10-11 18:15 -------- d-----w- c:\documents and settings\Vegard\Programdata\Malwarebytes
2009-10-11 18:15 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 18:15 . 2009-10-11 18:15 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-10-11 18:15 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 18:15 . 2009-10-11 18:15 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-10-11 17:23 . 2009-10-11 18:15 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-10-11 17:23 . 2009-10-11 17:27 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2009-10-11 17:13 . 2009-10-11 17:13 -------- d-----w- c:\documents and settings\Vegard\Programdata\Sammsoft
2009-10-11 17:13 . 2009-10-11 17:13 -------- d-----w- c:\programfiler\Advanced Registry Optimizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 05:57 . 2009-05-12 15:11 -------- d-----w- c:\documents and settings\Vegard\Programdata\Skype
2009-10-23 05:56 . 2009-03-28 08:55 -------- d-----w- c:\programfiler\Norman
2009-10-22 14:46 . 2009-05-12 15:18 -------- d-----w- c:\documents and settings\Vegard\Programdata\skypePM
2009-10-22 05:25 . 2008-01-10 13:48 -------- d-----w- c:\programfiler\LimeWire
2009-10-15 01:13 . 2004-09-10 10:50 79838 ----a-w- c:\windows\system32\perfc014.dat
2009-10-15 01:13 . 2004-09-10 10:50 444344 ----a-w- c:\windows\system32\perfh014.dat
2009-10-15 01:05 . 2007-05-05 08:23 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-10-13 17:43 . 2009-04-14 17:13 -------- d-----w- c:\programfiler\World of Warcraft
2009-10-13 12:45 . 2009-07-20 07:54 -------- d-----w- c:\documents and settings\Vegard\Programdata\Apple Computer
2009-10-13 12:34 . 2009-07-20 07:51 -------- d-----w- c:\programfiler\Fellesfiler\Apple
2009-10-08 15:13 . 2009-07-20 07:53 -------- d-----w- c:\programfiler\Bonjour
2009-10-08 10:59 . 2009-03-28 08:56 21832 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2009-10-07 12:22 . 2009-03-28 08:56 76944 ----a-w- c:\windows\system32\drivers\tdi_rd.sys
2009-10-07 12:20 . 2009-03-28 08:56 82072 ----a-w- c:\windows\system32\drivers\ndis_rd.sys
2009-10-07 12:20 . 2009-03-28 08:56 44872 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2009-10-07 12:07 . 2009-03-28 08:56 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2009-09-17 17:15 . 2009-03-29 10:26 -------- d-----w- c:\documents and settings\Vegard\Programdata\LimeWire
2009-09-17 15:14 . 2009-08-25 17:41 -------- d-----w- c:\documents and settings\Vegard\Programdata\Spotify
2009-09-13 07:15 . 2007-05-03 06:07 -------- d-----w- c:\programfiler\Java
2009-09-11 14:20 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 18:27 . 2007-10-19 16:36 -------- d-----w- c:\programfiler\Warcraft III
2009-09-04 21:05 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:48 . 2009-06-04 12:18 31184 ----a-w- c:\documents and settings\Vegard\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-08-29 07:32 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:32 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:32 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 01:09 . 2009-08-28 01:09 -------- d-----w- c:\programfiler\MSBuild
2009-08-28 01:09 . 2009-08-28 01:09 -------- d-----w- c:\programfiler\Reference Assemblies
2009-08-26 18:26 . 2009-04-24 18:41 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-08-26 18:11 . 2009-08-26 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-08-26 17:23 . 2009-03-29 10:21 130 ----a-w- c:\documents and settings\Vegard\Lokale innstillinger\Programdata\fusioncache.dat
2009-08-26 08:02 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 17:41 . 2009-08-25 17:41 -------- d-----w- c:\programfiler\Spotify
2009-08-24 18:32 . 2009-08-24 18:32 -------- d-----w- c:\documents and settings\Vegard\Programdata\AdobeUM
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2008-04-14 16:22 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:30 . 2004-08-04 08:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:30 . 2004-08-04 08:00 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"AROReminder"="c:\programfiler\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]
"SetRefresh"="c:\programfiler\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"MPTBox"="c:\programfiler\Canon\MultiPASS4\MPTBox.exe" [2002-09-11 167936]
"Omnipage"="c:\programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-07-14 49152]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\programfiler\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-07-14 659456]
"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2009-10-07 189824]
"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2009-10-07 128328]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vegard\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Sonic CinePlayer Quick Launch.lnk - c:\programfiler\Fellesfiler\Sonic Shared\CineTray.exe [2005-10-15 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\NexonEU\\NGM\\NGM.exe"=
"c:\\Programfiler\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56592:TCP"= 56592:TCP:Pando Media Booster
"56592:UDP"= 56592:UDP:Pando Media Booster

P2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [28.03.2009 10:56 599424]
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [28.03.2009 10:56 82072]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [28.03.2009 10:56 25032]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [28.03.2009 10:56 56136]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [28.03.2009 10:56 76944]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [15.10.2009 17:52 24168]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [28.03.2009 10:56 124232]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [28.03.2009 10:56 128328]
R3 NPC;Norman Parental Control;c:\programfiler\Norman\Npc\Bin\npcsvc32.exe [28.03.2009 10:56 419200]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [15.10.2009 17:52 320840]
R3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\Npc\Bin\nuaa.exe [28.03.2009 10:56 124232]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [12.05.2009 15:23 132424]
S2 gupdate1c9d313d654768e;Googles oppdateringstjeneste (gupdate1c9d313d654768e);c:\programfiler\Google\Update\GoogleUpdate.exe [12.05.2009 17:10 133104]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [28.03.2009 10:56 21832]
S3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [28.03.2009 10:56 197960]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programfiler\Norman\Npm\Bin\Nvcsched.exe" --> c:\programfiler\Norman\Npm\Bin\Nvcsched.exe [?]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - mchInjDrv
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-05-12 15:10]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-05-12 15:10]

2009-10-22 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-07-14 01:07]

2009-10-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-10-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-10-23 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programfiler\Norman\npc\bin\nlf.dll
FF - ProfilePath - c:\documents and settings\Vegard\Programdata\Mozilla\Firefox\Profiles\nu9xbl9l.default\
FF - plugin: c:\programfiler\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Steam App 60 - c:\programfiler\Valve\Steam\steam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 08:14
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\xgusb.cpl
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\xgusb.cpl
.
Tidspunkt ferdig: 2009-10-23 8:16
ComboFix-quarantined-files.txt 2009-10-23 06:16

Pre-Run: 114 298 400 768 byte ledig
Post-Run: 115 311 067 136 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2585602C1C9353A8E85148BCB80B048C
KillerTapper666
Active Member
 
Posts: 14
Joined: October 12th, 2009, 1:33 am

Re: I'm pretty sure there are some trojan or key loggers.

Post by km2357 » October 23rd, 2009, 2:41 pm

Registry Cleaners

Re. Advanced Registry Optimizer

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


http://forums.whatthetech.com/Regcleaner_t42862.html

I recommend that you uninstall Advanced Registry Optimizer from your computer.



Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    Folder::
    
    c:\programfiler\LimeWire
    c:\documents and settings\Vegard\Programdata\LimeWire



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Image


    Note: This CFScript is for use on killertapper666's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California