(Added an EDIT part at bottom of post)
Hi again deltalima,
It appears I ran into a bit of a problem here. The Gmer scan completed after running for 26 hours straight, but when trying to save the log the computer crashed again. (It's likely that something crashed way before that, though, as my system clock stopped updating about an hour into the scan.)
Also, the Security Check program runs fine but is not producing any logfile. I've run it multiple times, but the checkup.txt never pops up.
Here are the OTL logs; figured I'd post them now before attempting to do another Gmer scan.
(Office is uninstalled)
/** OTL.txt
OTL logfile created on: 28.06.2010 07:44:04 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Eirik\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 48,83 Gb Total Space | 20,31 Gb Free Space | 41,60% Space Free | Partition Type: NTFS
Drive D: | 649,80 Gb Total Space | 292,44 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1397,26 Gb Total Space | 677,67 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EIRIK-5S2SXZE54
Current User Name: Eirik
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Eirik\Skrivebord\OTL.exe (OldTimer Tools)
PRC - C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programfiler\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programfiler\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programfiler\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
PRC - C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
PRC - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Eirik\Skrivebord\OTL.exe (OldTimer Tools)
MOD - C:\Programfiler\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Programfiler\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Browser Defender Update Service) -- C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Programfiler\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Printer Control) -- C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV - (FLEXnet Licensing Service) -- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (msvsmon90) -- C:\Programfiler\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (ForcewareWebInterface) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (lxcf_device) -- C:\WINDOWS\System32\lxcfcoms.exe ( )
SRV - (IDriverT) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\System32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys (JMicron )
DRV - (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.no/
IE - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.3.2
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:2.0.0.0
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.5.5
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:2.7.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:1.3.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: startaid@startaid.com:1.4.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programfiler\Spyware Doctor\BDT\FireFox\ [2010.06.24 11:53:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2010.06.28 00:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2010.06.28 00:28:15 | 000,000,000 | ---D | M]
[2008.09.11 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Extensions
[2010.06.28 00:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions
[2010.03.18 09:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{0a64f55b-5f99-4437-a2ba-d6fd3a01f3e9}
[2010.03.18 09:23:32 | 000,000,000 | ---D | M] (Godfather) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{0a64f55b-5f99-4437-a2ba-d6fd3a01f3e9}-trash
[2009.07.09 18:55:58 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.05.11 09:01:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.18 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions
[2010.06.18 13:06:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.28 00:56:49 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009.03.28 00:59:13 | 000,000,000 | ---D | M] (Extension Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.04.12 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\facepad@lazyrussian.com
[2009.03.28 00:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\firefox@ghostery.com
[2009.04.12 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\foxmarks@kei.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\facepad@lazyrussian.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\firefox@ghostery.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\foxmarks@kei.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\startaid@startaid.com
[2010.06.28 00:38:24 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions
[2010.04.16 08:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.12 01:51:54 | 000,001,525 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.06.12 01:51:54 | 000,000,955 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.06.12 01:51:54 | 000,000,968 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.06.12 01:51:54 | 000,001,203 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.06.12 01:51:54 | 000,001,176 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.06.12 01:51:54 | 000,001,192 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\yahoo-NO.xml
O1 HOSTS File: ([2009.06.08 21:32:22 | 000,287,256 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9902 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISTray] C:\Programfiler\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-1220945662-1284227242-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll - c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.11 21:31:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a915dbc-6467-11df-9daf-001e8cb404f8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a915dbc-6467-11df-9daf-001e8cb404f8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.28 00:54:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eirik\Siste
[2010.06.28 00:29:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eirik\Skrivebord\OTL.exe
[2010.06.27 23:00:44 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Eirik\Skrivebord\MGADiag.exe
[2010.06.15 02:00:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2005.07.25 21:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2005.07.25 21:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2005.07.25 21:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2005.07.25 21:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2005.07.25 21:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2005.07.25 21:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2005.07.25 21:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Programfiler\*.tmp files -> C:\Programfiler\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.28 07:30:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.28 07:29:42 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.06.28 07:29:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1284227242-725345543-1003.job
[2010.06.28 07:29:39 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.06.28 07:29:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.28 07:29:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.28 00:49:47 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 00:29:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eirik\Skrivebord\OTL.exe
[2010.06.28 00:29:18 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\SecurityCheck.exe
[2010.06.28 00:24:44 | 001,606,696 | -H-- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\IconCache.db
[2010.06.28 00:22:12 | 002,104,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.28 00:13:33 | 000,000,597 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.27 23:00:46 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Eirik\Skrivebord\MGADiag.exe
[2010.06.27 22:53:17 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\CKScanner.exe
[2010.06.24 12:06:19 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\HiJackThis.lnk
[2010.06.23 16:20:37 | 000,053,384 | ---- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2010.06.23 06:01:10 | 000,264,144 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.06.23 06:01:10 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.06.23 06:01:10 | 000,000,192 | ---- | M] () -- C:\WINDOWS\UDB.zip
[2010.06.23 06:01:09 | 001,435,600 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.06.23 06:01:08 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010.06.23 01:40:03 | 017,301,504 | -H-- | M] () -- C:\Documents and Settings\Eirik\NTUSER.DAT
[2010.06.23 01:39:38 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Eirik\defogger_reenable
[2010.06.23 01:38:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\Defogger.exe
[2010.06.23 01:37:51 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2010.06.23 00:36:57 | 001,148,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 00:36:57 | 000,493,394 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2010.06.23 00:36:57 | 000,490,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 00:36:57 | 000,098,274 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2010.06.23 00:36:57 | 000,089,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.15 11:54:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.05.30 02:47:06 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2010.05.30 02:24:26 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010.05.30 02:24:25 | 000,000,237 | RHS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Programfiler\*.tmp files -> C:\Programfiler\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.28 00:29:13 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\SecurityCheck.exe
[2010.06.27 22:53:16 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\CKScanner.exe
[2010.06.24 12:05:27 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\HiJackThis.lnk
[2010.06.23 01:39:29 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Eirik\defogger_reenable
[2010.06.23 01:38:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\Defogger.exe
[2010.06.23 01:37:51 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2010.05.30 02:47:06 | 000,088,813 | ---- | C] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2010.04.29 18:55:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.04.29 18:55:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.03 16:13:46 | 000,000,084 | ---- | C] () -- C:\WINDOWS\DiskPie95.ini
[2009.11.30 23:30:29 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll
[2009.11.01 11:11:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.07.28 12:08:20 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009.03.05 07:01:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.05 07:01:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.05 06:58:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngineDrive1.sys
[2009.01.16 01:04:27 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2009.01.16 01:04:27 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2009.01.16 01:04:27 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2009.01.16 01:04:27 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2009.01.16 01:04:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2009.01.16 01:04:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2009.01.16 01:04:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2009.01.16 01:04:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2009.01.16 01:04:27 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2009.01.16 01:04:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2009.01.16 01:04:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2009.01.16 01:04:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2009.01.16 01:04:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2009.01.16 01:04:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2009.01.16 01:04:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2009.01.16 01:04:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2009.01.16 01:04:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2009.01.16 01:04:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2009.01.16 01:04:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2009.01.16 01:04:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2009.01.16 01:04:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2008.11.24 13:25:16 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.11.22 00:56:40 | 000,000,674 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.09.20 11:01:30 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.09.16 08:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.09.11 21:45:06 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008.09.11 21:45:06 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008.09.11 21:43:02 | 000,013,423 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.09.11 21:42:25 | 000,013,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.09.11 21:42:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.09.11 21:42:16 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.06.18 17:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.04.06 11:35:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxcfinsr.dll
[2006.04.06 11:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcfcur.dll
[2006.04.06 11:35:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxcfjswr.dll
[2005.07.07 11:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
< End of report >
**/
/**Extras.Txt
OTL Extras logfile created on: 28.06.2010 07:44:04 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Eirik\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 48,83 Gb Total Space | 20,31 Gb Free Space | 41,60% Space Free | Partition Type: NTFS
Drive D: | 649,80 Gb Total Space | 292,44 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1397,26 Gb Total Space | 677,67 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EIRIK-5S2SXZE54
Current User Name: Eirik
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_USERS\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Programfiler\Microsoft Office\OFFICE11\msohtmed.exe" %1 File not found
htmlfile [print] -- "C:\Programfiler\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 File not found
jsfile [edit] -- "C:\Programfiler\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3434:TCP" = 3434:TCP:*:Enabled:Services
"5368:TCP" = 5368:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3434:TCP" = 3434:TCP:*:Enabled:Services
"5368:TCP" = 5368:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\SmartFTP Client\SmartFTP.exe" = E:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- File not found
"E:\Program Files\uTorrent\utorrent.exe" = E:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"D:\spill\eq\LaunchPad.exe" = D:\spill\eq\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"E:\Program Files\mIRC\mirc.exe" = E:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Programfiler\GameSpy\Comrade\Comrade.exe" = C:\Programfiler\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade -- File not found
"C:\Programfiler\Mozilla Firefox\firefox.exe" = C:\Programfiler\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programfiler\LispBox\CLISP\clisp-2.33\full\lisp.exe" = C:\Programfiler\LispBox\CLISP\clisp-2.33\full\lisp.exe:*:Enabled:lisp -- File not found
"D:\games\fm.exe" = D:\games\fm.exe:*:Disabled:Football Manager 2008 -- File not found
"C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Programfiler\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- File not found
"C:\Programfiler\AVG\AVG8\avgupd.exe" = C:\Programfiler\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Programfiler\AVG\AVG8\avgnsx.exe" = C:\Programfiler\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Programfiler\Opera\opera.exe" = C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Documents and Settings\Eirik\Lokale innstillinger\Temp\pyl7.tmp\pyrun.exe" = C:\Documents and Settings\Eirik\Lokale innstillinger\Temp\pyl7.tmp\pyrun.exe:*:Enabled:pyrun -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C6F7EA4-D42E-4281-90E1-369D44FC761A}" = TortoiseSVN 1.6.8.19260 (32 bit)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}" = Windows Live Messenger
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}" = Windows Live Essentials
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB66246-75A7-3829-BD89-F659AC7408CF}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B29E1532-EEAE-3197-A6C6-F87E0D162F4B}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B924C008-D667-3B26-84C6-BD70285F9BFC}" = Microsoft Windows SDK for Windows 7 (7.0)
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Browser Defender_is1" = Browser Defender 3.0.0.2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EADM" = EA Download Manager
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"FileHippo.com" = FileHippo.com Update Checker
"FLV Player" = FLV Player 2.0, build 24
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"Lexmark 730 Series" = Lexmark 730 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Kjøretidsfil for Visual Studio 2005-verktøy for Office, 2. utgave
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MinGW" = MinGW 5.1.4
"mIRC" = mIRC
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0PR
"RealAlt_is1" = Real Alternative 1.8.0
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Ubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1220945662-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Catmull-Rom Splines" = Catmull-Rom Splines
"Java 3D HelloUniverse via Web Start" = Java 3D HelloUniverse via Web Start
"LWJGL Demo [examples.spaceinvaders.Game]" = LWJGL Demo [examples.spaceinvaders.Game]
"MouseMotionEventDemo" = MouseMotionEventDemo
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.06.2010 18:27:35 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Cannot
load C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/modules/mod_auth.so
into server: Den angitte modulen ble ikke funnet. .
Error - 27.06.2010 18:27:45 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.
Error - 27.06.2010 18:53:33 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 139 of C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .
Error - 27.06.2010 18:53:33 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Cannot
load C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/modules/mod_auth.so
into server: Den angitte modulen ble ikke funnet. .
Error - 27.06.2010 18:53:44 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.
Error - 27.06.2010 19:05:22 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 139 of C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .
Error - 27.06.2010 19:05:22 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Cannot
load C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/modules/mod_auth.so
into server: Den angitte modulen ble ikke funnet. .
Error - 27.06.2010 19:05:32 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.
Error - 28.06.2010 01:29:53 | Computer Name = EIRIK-5S2SXZE54 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 139 of C:/Programfiler/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .
Error - 28.06.2010 01:30:00 | Computer Name = EIRIK-5S2SXZE54 | Source = SecurityCenter | ID = 1802
Description = Kan ikke etablere hendelsesspørringer med WMI for å overvåke antivirusprogrammer
og brannmur fra tredjepartsleverandør.
[ System Events ]
Error - 27.06.2010 19:06:31 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare Intelligent Application Manager (IAM) kan ikke
startes på grunn av følgende feil: %%1053
Error - 28.06.2010 01:29:36 | Computer Name = EIRIK-5S2SXZE54 | Source = Dhcp | ID = 1002
Description = IP-adresseleasingavtalen 192.168.10.100 for nettverkskortet med nettverksadressen
0021296A65C9 ble avslått av DHCP-serveren 192.168.1.1 (DHCP-serveren sendte en DHCPNACK-melding).
Error - 28.06.2010 01:29:40 | Computer Name = EIRIK-5S2SXZE54 | Source = Dhcp | ID = 1001
Description = Datamaskinen fikk ikke tilordnet en adresse fra nettverket (av DHCP-serveren)
for
nettverkskortet med nettverksadressen 0021296A65C9. Følgende feil oppstod: %%1223.
Datamaskinen
vil fortsette å prøve å hente en adresse på egen hånd fra nettverksadresseserveren
(DHCP).
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7024
Description = Tjenesten Forceware Web Interface ble avbrutt med tjenesteavhengig
feil 1 (0x1).
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten ForceWare
IP service skal kobles til.
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare IP service kan ikke startes på grunn av følgende
feil: %%1053
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten ForceWare
user log service skal kobles til.
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare user log service kan ikke startes på grunn av
følgende feil: %%1053
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7009
Description = Tidsavbrudd (30000 millisekunder). Venter på at tjenesten ForceWare
Intelligent Application Manager (IAM) skal kobles til.
Error - 28.06.2010 01:31:01 | Computer Name = EIRIK-5S2SXZE54 | Source = Service Control Manager | ID = 7000
Description = Tjenesten ForceWare Intelligent Application Manager (IAM) kan ikke
startes på grunn av følgende feil: %%1053
< End of report >
**/
***********EDIT:
Booted to safe mode and did a GMER scan for the different parts one by one (haven't run the "Files" part yet, will post that when it's completed if it manages to complete). Not sure if this is of any use, but I thought I'd try to provide you with the info I can. Guessing the scan for "Files" will be done in around 26 more hours.
The parts not listed individually (IAT/EAT, Modules, Processes, Threads, Libraries, Services) all returned the same message (GMER hasn't found any system modification).
******SYSTEM PART******
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 09:57:50
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys
---- System - GMER 1.0.15 ----
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7E9B112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7E7A2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7E7A4C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7E9B900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7E9BBB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7E99E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7E9C020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7E9B3D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB7E79F44]
---- EOF - GMER 1.0.15 ----
**********SECTIONS PART************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 10:14:49
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Programfiler\Spyware Doctor\pctsSvc.exe[672] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Programfiler\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
---- EOF - GMER 1.0.15 ----
*****DEVICES PART*****
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 10:16:19
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
*****REGISTRY PART*****
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 10:33:21
Windows 5.1.2600 Service Pack 3
Running: 2zf0ddhc.exe; Driver: C:\DOCUME~1\Eirik\LOKALE~1\Temp\kxldifod.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programfiler\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xDC 0x62 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x59 0x4E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x9E 0x77 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0xD0 0x44 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0xDD 0xA3 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0xB1 0x94 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programfiler\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xDC 0x62 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x59 0x4E 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x9E 0x77 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0xD0 0x44 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0xDD 0xA3 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0xB1 0x94 0x2A ...
---- EOF - GMER 1.0.15 ----