Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer crashing issues (possibly rootkit related)

Post by norp » June 24th, 2010, 7:22 am

Hi,
my computer started acting up a little while back. After a few minutes from starting the machine (10 - 30 mins) the computer completely freezes up and becomes unresponsive. If I try closing down programs or opening new ones after the crash occurs my onboard soundcard starts beeping constantly until I power off the system. The problems started about a month ago. At first the problems seemed to mainly happen while playing any sort of media files (videos in Media player classic, VLC and Win Media player, and MP3s in WMP). The videos would freeze up and the last 3 seconds of sound would just start going on a loop. (Videos on YouTube or music in Spotify worked fine though.) Crashes did occur without me starting media files, but much less frequently; starting a video or mp3 would pretty much guarantee a crash within a minute or two. Currently the crashes happen way more frequently regardless of what programs I start up.
I ran a Malwarebytes antimalware scan back then which showed that I had some rootkit issues. While I know you don't ask for that kind of log here I'll paste in the entries that were altered in case that is relevant. (This is a month old scan, current scan is clean)
Register files infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files infected:
C:\Programfiler\Mozilla Firefox\o.dat (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Lokale innstillinger\Temp\B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.

AVG9.0 scan revealed no threats, nor did spybot S&D find any problems.
I've used CCleaner to clean up registry and temp files. Registry cleaner only found a bunch of old references to old uninstalled programs.

I was told by a friend to run a Gmer scan but due to computer crashing before scan was completed I decided to uninstall a ton of programs to help speed up the scan. I'm still unable to run that scan, and I may have gone overboard in deleting some files as I now get an error message on restart saying nTrayFw.exe cannot start due to not finding components(lacking framedyn.dll, seemingly part of the nvidia firewall). Programs removed included large ones like Eclipse and several plugins for Eclipse, NetBeans, (nokia) QT and a couple smaller ones like Spotify, RightMark CPU and memory monitors and a few others that have been on my machine for a long time.

I do not believe that the problems are hardware related as I'm able to boot up my Ubuntu OS and it runs smoothly.
Computer specs:
Windows XP pro(SP3)
Intel core2 duo CPU E8500 @ 3.16 GHz,
2GIG ram,
NVIDIA GeForce GTX 260
Most of my programs should be up to date (FileHippo updater)

I'm sorry if the description seems a little unstructured, trying to get it posted before computer crashes again.

Not sure if I've forgotten any information that may be relevant, but I'll check in frequently, so if there's more info needed I'll provide it quickly.
Thank you for your time :)

/** Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:28, on 24.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Google\Gmail Notifier\gnotify.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\Programfiler\Spyware Doctor\pctsTray.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Programfiler\Spyware Doctor\pctsAuxs.exe
C:\Programfiler\Spyware Doctor\pctsSvc.exe
C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programfiler\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe

--
End of file - 7814 bytes
**/

/** Uninstall list:
µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Age of Empires III
Alky for Applications (Windows XP)
Apple Application Support
Apple Software Update
Bonjour
Browser Defender 3.0.0.2
Burnout(TM) Paradise The Ultimate Box
CCleaner
CDDRV_Installer
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Connect
Crystal Reports Basic for Visual Studio 2008
DAEMON Tools Toolbar
EA Download Manager
EAX(tm) Unified (SHELL)
erLT
FileHippo.com Update Checker
FLV Player 2.0, build 24
Free Video to MP3 Converter version 3.4
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.6
Google Gmail Notifier
Google SketchUp 7
GTA San Andreas
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Hurtigreparasjon for Windows XP (KB952287)
Hurtigreparasjon for Windows XP (KB961118)
Hurtigreparasjon for Windows XP (KB970653-v3)
Hurtigreparasjon for Windows XP (KB976098-v2)
Hurtigreparasjon for Windows XP (KB979306)
Hurtigreparasjon for Windows XP (KB981793)
Java 3D 1.5.1
Java DB 10.4.1.3
Java Media Framework 2.1.1e
Java(TM) 6 Update 20
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 11
JMB36X Raid Configurer
KhalInstallWrapper
Kjøretidsfil for Visual Studio 2005-verktøy for Office, 2. utgave
Kritisk oppdatering for Windows Media Player 11 (KB959772)
kuler
Lexmark 730 Series
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Windows SDK for Windows 7 (7.0)
MinGW 5.1.4
mIRC
Mozilla Firefox (3.6.4)
MSDN Library for Visual Studio 2008 - ENU
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 7 Premium
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA PhysX
Nvu 1.0PR
OGA Notifier 2.0.0048.0
Oppdatering for Windows Internet Explorer 8 (KB976662)
Oppdatering for Windows Internet Explorer 8 (KB976749)
Oppdatering for Windows Internet Explorer 8 (KB980182)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB951072-v2)
Oppdatering for Windows XP (KB951978)
Oppdatering for Windows XP (KB955759)
Oppdatering for Windows XP (KB955839)
Oppdatering for Windows XP (KB961503)
Oppdatering for Windows XP (KB967715)
Oppdatering for Windows XP (KB968389)
Oppdatering for Windows XP (KB973687)
Oppdatering for Windows XP (KB973815)
PDF Settings CS4
Photoshop Camera Raw
Python 2.6.3
QuickTime
Real Alternative 1.8.0
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Segoe UI
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB971961)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB972260)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB974455)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB978207)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB981332)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB982381)
Sikkerhetsoppdatering for Windows Media Player (KB952069)
Sikkerhetsoppdatering for Windows Media Player (KB954155)
Sikkerhetsoppdatering for Windows Media Player (KB968816)
Sikkerhetsoppdatering for Windows Media Player (KB973540)
Sikkerhetsoppdatering for Windows Media Player (KB978695)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)
Sikkerhetsoppdatering for Windows XP (KB923561)
Sikkerhetsoppdatering for Windows XP (KB938464)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB946648)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB950974)
Sikkerhetsoppdatering for Windows XP (KB951066)
Sikkerhetsoppdatering for Windows XP (KB951376-v2)
Sikkerhetsoppdatering for Windows XP (KB951698)
Sikkerhetsoppdatering for Windows XP (KB951748)
Sikkerhetsoppdatering for Windows XP (KB952004)
Sikkerhetsoppdatering for Windows XP (KB952954)
Sikkerhetsoppdatering for Windows XP (KB953838)
Sikkerhetsoppdatering for Windows XP (KB953839)
Sikkerhetsoppdatering for Windows XP (KB954211)
Sikkerhetsoppdatering for Windows XP (KB954459)
Sikkerhetsoppdatering for Windows XP (KB954600)
Sikkerhetsoppdatering for Windows XP (KB955069)
Sikkerhetsoppdatering for Windows XP (KB956390)
Sikkerhetsoppdatering for Windows XP (KB956391)
Sikkerhetsoppdatering for Windows XP (KB956572)
Sikkerhetsoppdatering for Windows XP (KB956744)
Sikkerhetsoppdatering for Windows XP (KB956802)
Sikkerhetsoppdatering for Windows XP (KB956803)
Sikkerhetsoppdatering for Windows XP (KB956841)
Sikkerhetsoppdatering for Windows XP (KB956844)
Sikkerhetsoppdatering for Windows XP (KB957095)
Sikkerhetsoppdatering for Windows XP (KB957097)
Sikkerhetsoppdatering for Windows XP (KB958215)
Sikkerhetsoppdatering for Windows XP (KB958644)
Sikkerhetsoppdatering for Windows XP (KB958687)
Sikkerhetsoppdatering for Windows XP (KB958690)
Sikkerhetsoppdatering for Windows XP (KB958869)
Sikkerhetsoppdatering for Windows XP (KB959426)
Sikkerhetsoppdatering for Windows XP (KB960225)
Sikkerhetsoppdatering for Windows XP (KB960714)
Sikkerhetsoppdatering for Windows XP (KB960715)
Sikkerhetsoppdatering for Windows XP (KB960803)
Sikkerhetsoppdatering for Windows XP (KB960859)
Sikkerhetsoppdatering for Windows XP (KB961371)
Sikkerhetsoppdatering for Windows XP (KB961373)
Sikkerhetsoppdatering for Windows XP (KB961501)
Sikkerhetsoppdatering for Windows XP (KB963027)
Sikkerhetsoppdatering for Windows XP (KB968537)
Sikkerhetsoppdatering for Windows XP (KB969059)
Sikkerhetsoppdatering for Windows XP (KB969897)
Sikkerhetsoppdatering for Windows XP (KB969898)
Sikkerhetsoppdatering for Windows XP (KB969947)
Sikkerhetsoppdatering for Windows XP (KB970238)
Sikkerhetsoppdatering for Windows XP (KB971468)
Sikkerhetsoppdatering for Windows XP (KB971486)
Sikkerhetsoppdatering for Windows XP (KB971557)
Sikkerhetsoppdatering for Windows XP (KB971633)
Sikkerhetsoppdatering for Windows XP (KB971657)
Sikkerhetsoppdatering for Windows XP (KB972270)
Sikkerhetsoppdatering for Windows XP (KB973346)
Sikkerhetsoppdatering for Windows XP (KB973354)
Sikkerhetsoppdatering for Windows XP (KB973507)
Sikkerhetsoppdatering for Windows XP (KB973525)
Sikkerhetsoppdatering for Windows XP (KB973869)
Sikkerhetsoppdatering for Windows XP (KB974112)
Sikkerhetsoppdatering for Windows XP (KB974571)
Sikkerhetsoppdatering for Windows XP (KB975025)
Sikkerhetsoppdatering for Windows XP (KB975467)
Sikkerhetsoppdatering for Windows XP (KB975560)
Sikkerhetsoppdatering for Windows XP (KB975561)
Sikkerhetsoppdatering for Windows XP (KB975562)
Sikkerhetsoppdatering for Windows XP (KB975713)
Sikkerhetsoppdatering for Windows XP (KB977165-v2)
Sikkerhetsoppdatering for Windows XP (KB977816)
Sikkerhetsoppdatering for Windows XP (KB977914)
Sikkerhetsoppdatering for Windows XP (KB978037)
Sikkerhetsoppdatering for Windows XP (KB978251)
Sikkerhetsoppdatering for Windows XP (KB978262)
Sikkerhetsoppdatering for Windows XP (KB978338)
Sikkerhetsoppdatering for Windows XP (KB978542)
Sikkerhetsoppdatering for Windows XP (KB978601)
Sikkerhetsoppdatering for Windows XP (KB978706)
Sikkerhetsoppdatering for Windows XP (KB979309)
Sikkerhetsoppdatering for Windows XP (KB979482)
Sikkerhetsoppdatering for Windows XP (KB979559)
Sikkerhetsoppdatering for Windows XP (KB979683)
Sikkerhetsoppdatering for Windows XP (KB980195)
Sikkerhetsoppdatering for Windows XP (KB980218)
Sikkerhetsoppdatering for Windows XP (KB980232)
Spyware Doctor 7.0
SSH Secure Shell
Starcraft
Suite Shared Configuration CS4
TortoiseSVN 1.6.8.19260 (32 bit)
Ubuntu
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 0.9.8a
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinRAR archiver

**/

Re: Computer crashing issues (possibly rootkit related)

Post by deltalima » June 27th, 2010, 4:00 pm

Hi norp,

Looking at some of the software installed (Microsoft Visual Studio 2008 Professional Edition) this machine would look to be used for business.

Please confirm.

Re: Computer crashing issues (possibly rootkit related)

Post by norp » June 27th, 2010, 4:14 pm

Nope, not used for business, personal computer.
I'm a computer science student, VS is something I had to install to add a couple of features to a program my professor once made.

Re: Computer crashing issues (possibly rootkit related)

Post by deltalima » June 27th, 2010, 4:28 pm

Hi norp,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Re: Computer crashing issues (possibly rootkit related)

Post by norp » June 27th, 2010, 5:14 pm

Thank you for your reply.

uTorrent is removed as asked and here are the scans you asked for:

/** CKScanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\programfiler\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\programfiler\ssh communications security\ssh secure shell\ssh-keygen2.exe
scanner sequence 3.AA.11
----- EOF -----
**/

/** MGADiag scan
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-3BHCC-F974Y-9VYYG
Windows Product Key Hash: JxyCLcV8GCgXqU5wGe7ENf3b2OA=
Windows Product ID: 55724-640-5267861-23656
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {DA5927FF-7B3F-4504-8DCE-EA39AD3BE2C1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: FCEE394C-458-8004100a_025D1FF3-344-8004100a_025D1FF3-229-8004100a_025D1FF3-230-1_025D1FF3-238-2
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: 100
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 7E90FEE8-169-80004005_B4D0AA8B-587-80004005_FCEE394C-458-8004100a_025D1FF3-344-8004100a_025D1FF3-229-8004100a_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Programfiler\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{DA5927FF-7B3F-4504-8DCE-EA39AD3BE2C1}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9VYYG</PKey><PID>55724-640-5267861-23656</PID><PIDType>1</PIDType><SID>S-1-5-21-1220945662-1284227242-725345543</SID><SYSTEM/><BIOS/><HWID>BBDB38470184CE78</HWID><UserLCID>0414</UserLCID><SystemLCID>0414</SystemLCID><TimeZone>Vest-Europa (normaltid)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.8.31.9"/><File Name="WgaLogon.dll" Version="1.8.31.9"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110414-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73971-640-0000106-57067</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

**/
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 27th, 2010, 5:21 pm

Hi norp,

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, I would like you to remove all the crack/keygen applications that are present on your system.

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 27th, 2010, 5:44 pm

Hi deltalima,
I'm guessing that you are referring to the GIMP and SSH entries.
I honestly have no idea why there is a cracked GIMP listing in there as GIMP is a free program in the first place http://www.gimp.org/. I haven't used GIMP in a long long time though so I can easily remove it.
As for the SSH program that's something we installed from a friend's "startup CD" when we built the computer together about 4 years ago, didn't cross my mind that it wasn't a genuine program though I guess I should have known better, my apologies.

Most of the programs I run are freeware / open source apart from a few development platforms (the various Visual Studio installments) which have been provided to me by the school I attend.

I've uninstalled both GIMP and SSH software now.
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 27th, 2010, 5:48 pm

How about Office?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 27th, 2010, 5:58 pm

That's not genuine? I thought it was, never gotten a warning about it not being genuine at least. We installed it when we built the computer.

If you say it isn't a genuine copy I'll remove it right away, I prefer using Open Office anyways.
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 27th, 2010, 6:04 pm

Hi norp,

That's not genuine?


According to the MGADiag report
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2

That is a Volume Licence Key that has been blocked by Microsoft. Good idea to use Open Office.

I was told by a friend to run a Gmer scan but due to computer crashing before scan was completed


A GMER scan is what we really need at this point. It is likely that Daemon Tools is causing GMER to fail so we need to run Defogger to disable it.

Defogger
Disable Drivers
Please download DeFogger... by jpshortstuff. Save it to your desktop.
  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 27th, 2010, 6:18 pm

Hi norp,

Please also run this scan.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 29th, 2010, 3:54 am

(Added an EDIT part at bottom of post)
Hi again deltalima,
it appears I ran into a bit of a problem here. Gmer scan completed after running for 26 hours straight, but when trying to save the log the computer crashed again. (it's likely that something crashed way before that though as my system clock stopped updating about an hour into the scan)

Also, the Security Check program runs fine but is not producing any logfile, I've run it multiple times but the checkup.txt never pops up.

Here's the OTL logs, figured I'd post them now before attempting to do another gmer scan.

(Office is uninstalled)

/** OTL.txt

OTL logfile created on: 28.06.2010 07:44:04 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Eirik\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 48,83 Gb Total Space | 20,31 Gb Free Space | 41,60% Space Free | Partition Type: NTFS
Drive D: | 649,80 Gb Total Space | 292,44 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1397,26 Gb Total Space | 677,67 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EIRIK-5S2SXZE54
Current User Name: Eirik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Eirik\Skrivebord\OTL.exe (OldTimer Tools)
PRC - C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programfiler\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programfiler\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programfiler\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
PRC - C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
PRC - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Eirik\Skrivebord\OTL.exe (OldTimer Tools)
MOD - C:\Programfiler\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Programfiler\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Browser Defender Update Service) -- C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Programfiler\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Printer Control) -- C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV - (FLEXnet Licensing Service) -- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (msvsmon90) -- C:\Programfiler\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (ForcewareWebInterface) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (lxcf_device) -- C:\WINDOWS\System32\lxcfcoms.exe ( )
SRV - (IDriverT) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\System32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys (JMicron )
DRV - (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.no/
IE - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.3.2
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:2.0.0.0
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.5.5
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:2.7.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:1.3.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: startaid@startaid.com:1.4.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4

FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programfiler\Spyware Doctor\BDT\FireFox\ [2010.06.24 11:53:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2010.06.28 00:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2010.06.28 00:28:15 | 000,000,000 | ---D | M]

[2008.09.11 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Extensions
[2010.06.28 00:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions
[2010.03.18 09:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{0a64f55b-5f99-4437-a2ba-d6fd3a01f3e9}
[2010.03.18 09:23:32 | 000,000,000 | ---D | M] (Godfather) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{0a64f55b-5f99-4437-a2ba-d6fd3a01f3e9}-trash
[2009.07.09 18:55:58 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.05.11 09:01:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.18 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions
[2010.06.18 13:06:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.28 00:56:49 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009.03.28 00:59:13 | 000,000,000 | ---D | M] (Extension Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.04.12 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\facepad@lazyrussian.com
[2009.03.28 00:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\firefox@ghostery.com
[2009.04.12 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\foxmarks@kei.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\facepad@lazyrussian.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\firefox@ghostery.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\foxmarks@kei.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\startaid@startaid.com
[2010.06.28 00:38:24 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions
[2010.04.16 08:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.12 01:51:54 | 000,001,525 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.06.12 01:51:54 | 000,000,955 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.06.12 01:51:54 | 000,000,968 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.06.12 01:51:54 | 000,001,203 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.06.12 01:51:54 | 000,001,176 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.06.12 01:51:54 | 000,001,192 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2009.06.08 21:32:22 | 000,287,256 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9902 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISTray] C:\Programfiler\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll - c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.11 21:31:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a915dbc-6467-11df-9daf-001e8cb404f8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a915dbc-6467-11df-9daf-001e8cb404f8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.28 00:54:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eirik\Siste
[2010.06.28 00:29:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eirik\Skrivebord\OTL.exe
[2010.06.27 23:00:44 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Eirik\Skrivebord\MGADiag.exe
[2010.06.15 02:00:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2005.07.25 21:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2005.07.25 21:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2005.07.25 21:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2005.07.25 21:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2005.07.25 21:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2005.07.25 21:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2005.07.25 21:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Programfiler\*.tmp files -> C:\Programfiler\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.28 07:30:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.28 07:29:42 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.06.28 07:29:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1284227242-725345543-1003.job
[2010.06.28 07:29:39 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.06.28 07:29:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.28 07:29:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.28 00:49:47 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 00:29:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eirik\Skrivebord\OTL.exe
[2010.06.28 00:29:18 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\SecurityCheck.exe
[2010.06.28 00:24:44 | 001,606,696 | -H-- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\IconCache.db
[2010.06.28 00:22:12 | 002,104,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.28 00:13:33 | 000,000,597 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.27 23:00:46 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Eirik\Skrivebord\MGADiag.exe
[2010.06.27 22:53:17 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\CKScanner.exe
[2010.06.24 12:06:19 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\HiJackThis.lnk
[2010.06.23 16:20:37 | 000,053,384 | ---- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2010.06.23 06:01:10 | 000,264,144 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.06.23 06:01:10 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.06.23 06:01:10 | 000,000,192 | ---- | M] () -- C:\WINDOWS\UDB.zip
[2010.06.23 06:01:09 | 001,435,600 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.06.23 06:01:08 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010.06.23 01:40:03 | 017,301,504 | -H-- | M] () -- C:\Documents and Settings\Eirik\NTUSER.DAT
[2010.06.23 01:39:38 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Eirik\defogger_reenable
[2010.06.23 01:38:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\Defogger.exe
[2010.06.23 01:37:51 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2010.06.23 00:36:57 | 001,148,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 00:36:57 | 000,493,394 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2010.06.23 00:36:57 | 000,490,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 00:36:57 | 000,098,274 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2010.06.23 00:36:57 | 000,089,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.15 11:54:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.05.30 02:47:06 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2010.05.30 02:24:26 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010.05.30 02:24:25 | 000,000,237 | RHS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Programfiler\*.tmp files -> C:\Programfiler\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.28 00:29:13 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\SecurityCheck.exe
[2010.06.27 22:53:16 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\CKScanner.exe
[2010.06.24 12:05:27 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\HiJackThis.lnk
[2010.06.23 01:39:29 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Eirik\defogger_reenable
[2010.06.23 01:38:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\Defogger.exe
[2010.06.23 01:37:51 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2010.05.30 02:47:06 | 000,088,813 | ---- | C] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2010.04.29 18:55:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.04.29 18:55:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.03 16:13:46 | 000,000,084 | ---- | C] () -- C:\WINDOWS\DiskPie95.ini
[2009.11.30 23:30:29 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll
[2009.11.01 11:11:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.07.28 12:08:20 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009.03.05 07:01:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.05 07:01:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.05 06:58:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngineDrive1.sys
[2009.01.16 01:04:27 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2009.01.16 01:04:27 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2009.01.16 01:04:27 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2009.01.16 01:04:27 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2009.01.16 01:04:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2009.01.16 01:04:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2009.01.16 01:04:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2009.01.16 01:04:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2009.01.16 01:04:27 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2009.01.16 01:04:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2009.01.16 01:04:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2009.01.16 01:04:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2009.01.16 01:04:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2009.01.16 01:04:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2009.01.16 01:04:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2009.01.16 01:04:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2009.01.16 01:04:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2009.01.16 01:04:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2009.01.16 01:04:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2009.01.16 01:04:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2009.01.16 01:04:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2008.11.24 13:25:16 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.11.22 00:56:40 | 000,000,674 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.09.20 11:01:30 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.09.16 08:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.09.11 21:45:06 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008.09.11 21:45:06 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008.09.11 21:43:02 | 000,013,423 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.09.11 21:42:25 | 000,013,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.09.11 21:42:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.09.11 21:42:16 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.06.18 17:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.04.06 11:35:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxcfinsr.dll
[2006.04.06 11:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcfcur.dll
[2006.04.06 11:35:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxcfjswr.dll
[2005.07.07 11:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
< End of report >

**/


/**Extras.Txt

OTL Extras logfile created on: 28.06.2010 07:44:04 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Eirik\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 48,83 Gb Total Space | 20,31 Gb Free Space | 41,60% Space Free | Partition Type: NTFS
Drive D: | 649,80 Gb Total Space | 292,44 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1397,26 Gb Total Space | 677,67 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EIRIK-5S2SXZE54
Current User Name: Eirik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Programfiler\Microsoft Office\OFFICE11\msohtmed.exe" %1 File not found
htmlfile [print] -- "C:\Programfiler\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 File not found
jsfile [edit] -- "C:\Programfiler\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3434:TCP" = 3434:TCP:*:Enabled:Services
"5368:TCP" = 5368:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3434:TCP" = 3434:TCP:*:Enabled:Services
"5368:TCP" = 5368:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\SmartFTP Client\SmartFTP.exe" = E:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- File not found
"E:\Program Files\uTorrent\utorrent.exe" = E:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"D:\spill\eq\LaunchPad.exe" = D:\spill\eq\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"E:\Program Files\mIRC\mirc.exe" = E:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Programfiler\GameSpy\Comrade\Comrade.exe" = C:\Programfiler\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade -- File not found
"C:\Programfiler\Mozilla Firefox\firefox.exe" = C:\Programfiler\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programfiler\LispBox\CLISP\clisp-2.33\full\lisp.exe" = C:\Programfiler\LispBox\CLISP\clisp-2.33\full\lisp.exe:*:Enabled:lisp -- File not found
"D:\games\fm.exe" = D:\games\fm.exe:*:Disabled:Football Manager 2008 -- File not found
"C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- File not found
"C:\Programfiler\AVG\AVG8\avgupd.exe" = C:\Programfiler\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Programfiler\AVG\AVG8\avgnsx.exe" = C:\Programfiler\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Programfiler\Opera\opera.exe" = C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Documents and Settings\Eirik\Lokale innstillinger\Temp\pyl7.tmp\pyrun.exe" = C:\Documents and Settings\Eirik\Lokale innstillinger\Temp\pyl7.tmp\pyrun.exe:*:Enabled:pyrun -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C6F7EA4-D42E-4281-90E1-369D44FC761A}" = TortoiseSVN 1.6.8.19260 (32 bit)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}" = Windows Live Messenger
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}" = Windows Live Essentials
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB66246-75A7-3829-BD89-F659AC7408CF}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B29E1532-EEAE-3197-A6C6-F87E0D162F4B}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B924C008-D667-3B26-84C6-BD70285F9BFC}" = Microsoft Windows SDK for Windows 7 (7.0)
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Browser Defender_is1" = Browser Defender 3.0.0.2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EADM" = EA Download Manager
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"FileHippo.com" = FileHippo.com Update Checker
"FLV Player" = FLV Player 2.0, build 24
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"Lexmark 730 Series" = Lexmark 730 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Kjøretidsfil for Visual Studio 2005-verktøy for Office, 2. utgave
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MinGW" = MinGW 5.1.4
"mIRC" = mIRC
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0PR
"RealAlt_is1" = Real Alternative 1.8.0
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Ubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Catmull-Rom Splines" = Catmull-Rom Splines
"Java 3D HelloUniverse via Web Start" = Java 3D HelloUniverse via Web Start
"LWJGL Demo [examples.spaceinvaders.Game]" = LWJGL Demo [examples.spaceinvaders.Game]
"MouseMotionEventDemo" = MouseMotionEventDemo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.06.2010 18:27:35 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Cannot
load C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/modules/mod_auth.so
into server: Den angitte modulen ble ikke funnet. .

Error - 27.06.2010 18:27:45 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.

Error - 27.06.2010 18:53:33 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 139 of C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .

Error - 27.06.2010 18:53:33 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Cannot
load C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/modules/mod_auth.so
into server: Den angitte modulen ble ikke funnet. .

Error - 27.06.2010 18:53:44 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.

Error - 27.06.2010 19:05:22 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 139 of C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .

Error - 27.06.2010 19:05:22 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Cannot
load C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/modules/mod_auth.so
into server: Den angitte modulen ble ikke funnet. .

Error - 27.06.2010 19:05:32 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.

Error - 28.06.2010 01:29:53 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 139 of C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .

Error - 28.06.2010 01:30:00 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.

[ System Events ]
Error - 27.06.2010 19:06:31 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare Intelligent Application Manager (IAM) kan ikke
startes på grunn av følgende feil: %%1053

Error - 28.06.2010 01:29:36 | Computer Name = EIRIK-5S2SXZE54 | Source = Dhcp | ID = 1002
Description = IP-adresseleasingavtalen 192.168.10.100 for nettverkskortet med nettverksadressen
0021296A65C9 ble avslått av DHCP-serveren 192.168.1.1 (DHCP-serveren sendte en DHCPNACK-melding).

Error - 28.06.2010 01:29:40 | Computer Name = EIRIK-5S2SXZE54 | Source = Dhcp | ID = 1001
Description = Datamaskinen fikk ikke tilordnet en adresse fra nettverket (av DHCP-serveren)
for
nettverkskortet med nettverksadressen 0021296A65C9. Følgende feil oppstod: %%1223.
Datamaskinen
vil fortsette å prøve å hente en adresse på egen hånd fra nettverksadresseserveren
(DHCP).

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7024
Description = Tjenesten Forceware Web Interface ble avbrutt med tjenesteavhengig
feil 1 (0x1).

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten ForceWare
IP service skal kobles til.

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare IP service kan ikke startes på grunn av følgende
feil: %%1053

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten ForceWare
user log service skal kobles til.

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare user log service kan ikke startes på grunn av
følgende feil: %%1053

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten ForceWare
Intelligent Application Manager (IAM) skal kobles til.

Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare Intelligent Application Manager (IAM) kan ikke
startes på grunn av følgende feil: %%1053


< End of report >

**/

***********EDIT:
Booted to safe mode and did a GMER scan for the different parts one by one. (Haven't run the "Files" part yet; will post that when it's completed, if it manages to complete.) Not sure if this is of any use, but I thought I'd try to provide you with the info I can. Guessing the scan for "Files" will be done in around 26 more hours.

The parts not listed individually (IAT/EAT, Modules, Processes, Threads, Libraries, Services) all returned the same message (GMER hasn't found any system modification)

******SYSTEM PART******
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 09:57:50
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7E9B112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7E7A2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7E7A4C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7E9B900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7E9BBB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7E99E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7E9C020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7E9B3D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB7E79F44]

---- EOF - GMER 1.0.15 ----

**********SECTIONS PART************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 10:14:49
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Programfiler\Spyware Doctor\pctsSvc.exe[672] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Programfiler\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)

---- EOF - GMER 1.0.15 ----

*****DEVICES PART*****
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 10:16:19
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


*****REGISTRY PART*****
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 10:33:21
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programfiler\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xDC 0x62 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x59 0x4E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x9E 0x77 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0xD0 0x44 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0xDD 0xA3 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0xB1 0x94 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programfiler\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xDC 0x62 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x59 0x4E 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x9E 0x77 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0xD0 0x44 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0xDD 0xA3 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0xB1 0x94 0x2A ...

---- EOF - GMER 1.0.15 ----
Last edited by norp on June 29th, 2010, 4:54 am, edited 1 time in total.
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 29th, 2010, 4:13 am

Hi norp,

Please tell me about your antivirus. In your initial post you say

"AVG9.0 scan revealed no threats"

and yet I see no sign of AVG9 or any other antivirus in the HijackThis log.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 29th, 2010, 5:09 am

Hi deltalima,
I uninstalled AVG9.0 before coming here. For some reason there were two separate AVG threads running in the processes tab, each using about 45% of my CPU. I figured it was bugged and wanted to see if removing it slowed down the frequency of my crashes (it didn't). Guess my machine must have crashed before I reinstalled and I forgot all about it. Should I reinstall it now or would that interfere with this diagnosis phase?
The version I used was the free version. Not sure what features it lacks that the premium version has, but I did a full scan without finding anything on two different occasions.

Running the Rootkit Unhooker now, should I select all HDDs for scan or just C: like with GMER?

Also, not sure if you noticed my EDIT in my last post, as you posted your reply at about the same time as I edited.
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 29th, 2010, 5:15 am

norp wrote: Running the Rootkit Unhooker now, should I select all HDDs for scan or just C: like with GMER?


Please just select C:
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK