Hello deltalima! Thanks a lot for your support and help to remove the malware from my computer.
Your OTL Scan program stopped at a certain file for a few seconds, which in all likelihood is a virus file located at:
C:\Documents and Settings\All Users\Dokument\bjihvp.exe
I'm not touching it, I'm just telling you so you know! I love all these little programs that can find these impostering files and together we will exterminate all of them!
OTL Scan:
OTL logfile created on: 2010-12-21 21:28:13 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Jacob\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 127,99 Gb Total Space | 12,51 Gb Free Space | 9,77% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 6,70 Gb Free Space | 1,12% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 8,05 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 5,52 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 725,45 Gb Free Space | 38,94% Space Free | Partition Type: NTFS
Computer Name: JAKE | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Jacob\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe ()
PRC - C:\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Norman\NVC\Bin\Nvcoas.exe (Norman ASA)
PRC - C:\Norman\NVC\Bin\CClaw.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Njeeves.exe (Norman ASA)
PRC - C:\Norman\npm\bin\scheduler.exe (Norman ASA)
PRC - C:\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Zanda.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Zlh.exe (Norman ASA)
PRC - C:\Norman\npm\bin\nvoy.exe (Norman ASA)
PRC - C:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Norman\npm\bin\elogsvc.exe (Norman ASA)
PRC - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Jacob\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (PnkBstrA) -- C:\WINDOWS\System32\PnkBstrA.exe File not found
SRV - (NVCScheduler) -- C:\Norman\Nvc\BIN\NVCSCHED.EXE File not found
SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (RIS) -- C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe ()
SRV - (nsesvc) -- C:\Norman\nse\bin\NSESVC.EXE (Norman ASA)
SRV - (nvcoas) -- C:\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (Adobe LM Service) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Norman NJeeves) -- C:\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
SRV - (Scheduler) -- C:\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (AODService) -- C:\Program\AMD\OverDrive\AODAssist.exe ()
SRV - (NVOY) -- C:\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (LightScribeService) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (aawservice) -- C:\Program\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (eLoggerSvc6) -- C:\Norman\Npm\bin\ELOGSVC.EXE (Norman ASA)
SRV - (nTuneService) -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
========== Driver Services (SafeList) ==========
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Cardex) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS File not found
DRV - (AtiHdmiService) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys File not found
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (DualCoreCenter) -- C:\Program\MSI\DualCoreCenter\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)
DRV - (NPROSEC) -- C:\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NGS) -- c:\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (RushTopDevice2) -- C:\Program\MSI\DualCoreCenter\RushTop.sys (Your Corporation)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (FTT3) -- C:\WINDOWS\System32\DRIVERS\FTT3.sys (Promise Technology, Inc.)
DRV - (ASUDriver) -- C:\Program\AMD\AMD OverDrive\i386\AODDriver.sys ()
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (Ndiskio) -- C:\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (M2500) -- C:\WINDOWS\system32\drivers\M2500.sys (Ralink Technology Inc.)
DRV - (m4cxwxp) -- C:\WINDOWS\system32\drivers\m4cxwxp.sys (D-Link Corporation)
DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program\DivX\DivX Plus Web Player\firefox\html5video [2010-12-14 13:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program\DivX\DivX Plus Web Player\firefox\wpa [2010-12-14 13:43:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program\mozilla.org\Mozilla\Components [2010-11-29 02:05:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program\mozilla.org\Mozilla\Plugins [2010-11-30 15:04:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-12-11 17:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-12-11 17:42:00 | 000,000,000 | ---D | M]
[2008-08-29 17:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Extensions
[2010-12-21 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions
[2010-07-24 14:43:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-07 11:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\sv@dictionaries.addons.mozilla.org
[2010-11-26 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\toolbar@ask.com
[2010-12-21 16:45:37 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2010-05-11 12:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-11 14:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-20 15:52:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-19 05:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010-04-10 16:07:52 | 000,000,253 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WgEDmBHO Class) - {D7EE14D1-9317-4a59-9EE6-EE64F22B5B10} - C:\Program\Right Ascension, Inc\Empire Download Manager\ieedm.dll ()
O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe ()
O4 - HKLM..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Norman ZANDA] C:\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..Trusted Domains: telenor.se ([www] https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partne ... nicode.cab (CKAVWebScan Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/MSC3.cab (Measurement Services Client v.3.12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-09 02:17:54 | 000,000,049 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0eeecfa6-fb6c-11dc-8f83-000d886c0ca0}\Shell\AutoRun\command - "" = H:\Launch.exe -- File not found
O33 - MountPoints2\{12733b4d-1976-11df-8499-000d886c0ca0}\Shell - "" = AutoRun
O33 - MountPoints2\{12733b4d-1976-11df-8499-000d886c0ca0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-12-21 21:03:58 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jacob\Skrivbord\OTL.exe
[2010-12-19 05:28:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-12-19 05:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-12-19 05:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-12-18 19:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-12-18 17:45:46 | 000,000,000 | ---D | C] -- C:\Program\ATI Technologies
[2010-12-16 18:32:21 | 000,000,000 | ---D | C] -- C:\Program\TweakNow RegCleaner
[2010-12-16 18:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\TweakNow RegCleaner
[2010-12-16 18:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\GetRightToGo
[2010-12-16 18:25:17 | 000,102,416 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll
[2010-12-16 17:39:27 | 000,000,000 | ---D | C] -- C:\Program\Western Digital Corporation
[2010-12-15 10:03:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010-12-15 10:01:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010-12-14 13:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\Local
[2010-12-14 13:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Google
[2010-12-14 13:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Temp
[2010-12-14 13:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Google
[2010-12-14 13:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Google
[2010-12-14 13:36:44 | 000,000,000 | ---D | C] -- C:\Program\Google
[2010-11-30 15:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\AskToolbar
[2010-11-30 02:36:09 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-11-30 02:36:09 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-11-29 02:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010-11-29 02:08:57 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2010-11-29 02:08:23 | 000,000,000 | ---D | C] -- C:\Program\iTunes
[2010-11-29 02:04:08 | 000,000,000 | ---D | C] -- C:\Program\QuickTime
[2010-11-29 02:02:54 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update
[2010-11-29 02:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010-11-29 02:01:20 | 000,000,000 | ---D | C] -- C:\Program\Bonjour
[2009-06-14 18:09:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe51.dll
[2008-12-21 19:25:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jacob\Application Data\pcouffin.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-12-21 21:19:45 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72AB9688-47B1-4843-8370-414A8B59F059}.job
[2010-12-21 21:04:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacob\Skrivbord\OTL.exe
[2010-12-21 21:01:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-12-21 20:50:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-21 13:50:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-12-21 01:18:17 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-19 05:36:05 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\Jacob\Skrivbord\HiJackThis.lnk
[2010-12-18 18:59:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-18 18:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-18 18:57:41 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-18 18:16:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-12-16 18:22:32 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\DualCoreCenter.lnk
[2010-12-15 19:56:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-26 05:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010-11-26 05:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010-11-26 04:57:20 | 016,748,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010-11-26 04:23:36 | 000,471,040 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010-11-26 04:12:42 | 000,311,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010-11-26 04:07:34 | 000,057,344 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010-11-26 04:07:24 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010-11-26 04:06:14 | 004,489,216 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010-11-26 03:55:42 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010-11-26 03:54:36 | 000,302,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010-11-26 03:48:02 | 003,984,864 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010-11-26 03:39:40 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010-11-26 03:34:50 | 000,212,992 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010-11-26 03:34:38 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010-11-26 03:34:28 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010-11-26 03:34:22 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010-11-26 03:34:10 | 000,159,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010-11-26 03:32:24 | 002,669,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010-11-26 03:32:04 | 000,539,392 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-11-26 03:31:54 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-11-26 03:31:54 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-11-26 03:31:16 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010-11-26 03:30:34 | 000,121,776 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-11-26 03:30:30 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010-11-26 03:26:38 | 000,651,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010-11-26 03:24:46 | 000,196,608 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010-11-26 03:24:22 | 000,017,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010-11-26 03:18:16 | 000,765,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010-11-26 03:16:32 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010-11-26 03:16:32 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010-11-23 03:06:30 | 000,022,305 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010-11-22 19:08:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-12-19 05:36:05 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\Jacob\Skrivbord\HiJackThis.lnk
[2010-12-18 17:48:12 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-12-18 17:47:48 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-12-16 18:25:17 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-14 13:37:35 | 000,000,924 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-14 13:37:34 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-29 02:02:56 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-07-14 18:11:50 | 001,184,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-03-18 22:49:47 | 000,524,400 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-04-22 21:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009-04-22 21:16:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\default.pls
[2009-04-22 20:28:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\downloads.m3u
[2009-03-30 18:04:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009-02-19 00:51:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-05 18:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MF.dll
[2008-12-24 01:35:20 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\default.rss
[2008-12-23 03:31:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-23 02:28:16 | 000,000,367 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008-12-21 19:26:08 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\vso_ts_preview.xml
[2008-12-21 19:25:49 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.log
[2008-12-21 19:25:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\inst.exe
[2008-12-21 19:25:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.cat
[2008-12-21 19:25:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.inf
[2008-09-18 01:41:22 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008-07-01 00:38:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav950231.sys
[2008-07-01 00:37:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav970451.sys
[2008-07-01 00:36:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav80231.sys
[2008-06-22 22:49:01 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\coreavc.ini
[2008-02-05 16:49:46 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-02-05 16:30:18 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-01-10 13:16:20 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-01-10 13:15:30 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-01-09 20:33:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008-01-09 15:33:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-01-09 15:33:18 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\PnkBstrK.sys
[2008-01-09 09:30:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-09 02:29:27 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-09 02:21:14 | 000,000,559 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2005-09-15 15:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005-04-21 19:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2002-05-15 05:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001-11-19 20:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
< End of report >
Extras:
OTL Extras logfile created on: 2010-12-21 21:28:13 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Jacob\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 127,99 Gb Total Space | 12,51 Gb Free Space | 9,77% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 6,70 Gb Free Space | 1,12% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 8,05 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 5,52 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 725,45 Gb Free Space | 38,94% Space Free | Partition Type: NTFS
Computer Name: JAKE | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:TCP" = 6112:TCP:*:Enabled:warcraft
"6112:UDP" = 6112:UDP:*:Enabled:warcraft2
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Spel\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Spel\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Spel\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Spel\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- ()
"C:\Spel\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Spel\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"H:\yeash\uTorrent-program\uTorrent.exe" = H:\yeash\uTorrent-program\uTorrent.exe:*:Enabled:µTorrent -- File not found
"F:\NeroExpress\Installation\Setupx.exe" = F:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program\DC++\DCPlusPlus.exe" = C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Spel\World of Warcraft\Launcher.exe" = C:\Spel\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program\Octoshape Streaming Services\Jacob\OctoshapeClient.exe" = C:\Program\Octoshape Streaming Services\Jacob\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program\VideoLAN\VLC\vlc.exe" = C:\Program\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Spel\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Spel\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program\Java\jre6\bin\java.exe" = C:\Program\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Spel\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Spel\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"C:\Program\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)
"G:\Spel\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = G:\Spel\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)
"C:\Program\Sony Ericsson\Update Service\Update Service.exe" = C:\Program\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Spel\Valve\Steam\SteamApps\lamlas@msn.com\counter-strike\hl.exe" = C:\Spel\Valve\Steam\SteamApps\lamlas@msn.com\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Spel\Valve\Steam\SteamApps\robin_corner\counter-strike\hl.exe" = C:\Spel\Valve\Steam\SteamApps\robin_corner\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program\Tele2\Tele2 Sjaelvhjaelp\Selfrepair.exe" = C:\Program\Tele2\Tele2 Sjaelvhjaelp\Selfrepair.exe:*:Enabled:Tele2 Självhjälp -- (mquadr.at software engineering & consulting GmbH - Web:
http://www.mquadr.at - Mail:
office@mquadr.at)
"G:\Spel\Split Second\SplitSecond.exe" = G:\Spel\Split Second\SplitSecond.exe:*:Enabled:Split/Second -- (Disney Interactive Studios)
"C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program\iTunes\iTunes.exe" = C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009435FA-9011-4C36-AE7C-CCC9669E7875}" = Windows Media Format 11 SDK
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{161B3AC6-593F-4AC7-BBBF-88B72012A94E}" = OpenOffice.org 3.0
"{17b5ad57-bc5b-4293-92d7-0a15bcd554c0}" = Nero 9
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 23
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.009.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97BC-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6515FE5E-9F36-448F-934E-10CD94821807}" = AMD OverDrive
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.41 by Dormine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B30FB1E-9F4A-49BA-9D74-174F1ECEB59D}" = Windows Live inloggningsassistenten
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74C8BF56-6618-49AA-98BA-862223900CBF}" = Norman Virus Control
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8014763A-94BD-4CC3-8F86-35BD73C127B9}" = Promise FastTrak PDC42819 RAID Controller Windows Driver
"{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.1 - Svenska
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9060398-FB64-2A4C-C4E6-D1236447E026}" = ATI Catalyst Install Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BFF892FB-23DC-4992-9DBA-019B46F90006}" = Empire Download Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D4F8C273-468F-4491-AEA1-A6811B0E2780}" = AMD OverDrive
"{DD8F005A-26EF-4259-8D82-A805BC48B618}" = Tele2 Självhjälp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"396FD00A58F61D595A7B26211A4715A3E27622E0" = Windows-drivrutinspaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AviSynth" = AviSynth 2.5
"BS.Player ControlBar" = BS.Player ControlBar
"BSPlayerp" = BS.Player PRO
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"D.I.K.O. Free_is1" = DIKO 0.77
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DualCoreCenter_is1" = DualCoreCenter
"EAX Unified" = EAX Unified
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Final Codecs" = FinalCodecs 2008 Olympic Edition
"Fraps" = Fraps (remove only)
"Frets on Fire" = Frets On Fire
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"ImTOO iPhone Transfer" = ImTOO iPhone Transfer
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"iPod PC Transfer_is1" = iPod PC Transfer 5.1
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Mafia" = Mafia
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Measurement Services Client" = Futuremark Measurement Services Client
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 2.9.8
"Mozilla (1.7.13)" = Mozilla (1.7.13)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"MXOFX" = USB Storage Adapter FX (MXO)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal" = Personal 4.10.4
"PunkBusterSvc" = PunkBuster Services
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tele2 Självhjälp" = Tele2 Självhjälp
"The KMPlayer" = The KMPlayer (remove only)
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Update Service" = Update Service
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"VideoMach" = VideoMach
"VideoMach 4.0.4" = VideoMach 4.0.4
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"VLC media player" = VLC media player 1.0.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"VOIPlay" = VOIPlay
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomPlayer" = Zoom Player (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2010-12-21 07:13:48 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 12:13:48] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 08:13:50 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 13:13:50] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 09:13:58 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 14:13:58] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 10:14:13 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 15:14:13] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 11:14:16 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 16:14:16] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 12:14:18 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 17:14:18] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 13:14:20 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 18:14:20] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 14:15:05 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 19:15:05] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 15:14:54 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 20:14:54] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
Error - 2010-12-21 16:15:19 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 21:15:19] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------
Error
message: Running scheduled - shall not start LicWiz
[ System Events ]
Error - 2010-12-14 17:28:38 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten RIS avslutades oväntat. Detta har skett 1 gånger.
Error - 2010-12-14 17:28:40 | Computer Name = JAKE | Source = Service Control Manager | ID = 7031
Description = Tjänsten Norman Resource Provider avslutades oväntat. Den har gjort
detta 2 gång(er). Följande åtgärd kommer att utföras om 1000 millisekunder: Starta
om tjänsten.
Error - 2010-12-14 17:28:47 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Norman Virus Control on-access component avslutades oväntat.
Detta har skett 1 gånger.
Error - 2010-12-14 17:28:50 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Norman NJeeves avslutades oväntat. Detta har skett 1 gånger.
Error - 2010-12-14 17:28:55 | Computer Name = JAKE | Source = Service Control Manager | ID = 7031
Description = Tjänsten Norman Resource Provider avslutades oväntat. Den har gjort
detta 3 gång(er). Följande åtgärd kommer att utföras om 5000 millisekunder: Starta
om tjänsten.
Error - 2010-12-14 17:29:18 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten iPod Service avslutades oväntat. Detta har skett 1 gånger.
Error - 2010-12-15 05:06:51 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten LightScribeService Direct Disc Labeling Service avslutades
oväntat. Detta har skett 1 gånger.
Error - 2010-12-17 22:55:27 | Computer Name = JAKE | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\D.
Error - 2010-12-18 11:33:57 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Windows Installer avslutades oväntat. Detta har skett 1 gånger.
Error - 2010-12-18 11:34:06 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten RIS avslutades oväntat. Detta har skett 1 gånger.
< End of report >
Gmer:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-21 21:45:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AAKS-00YGA0 rev.12.01C02
Running: 1mqzeelt.exe; Driver: C:\DOCUME~1\Jacob\LOKALA~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT spba.sys ZwEnumerateKey [0xB7EC9E4C]
SSDT spba.sys ZwEnumerateValueKey [0xB7ECA1DA]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aawm57tw \Device\Scsi\aawm57tw1 8A3CC470
Device \Driver\aawm57tw \Device\Scsi\aawm57tw1Port4Path0Target0Lun0 8A3CC470
Device \FileSystem\Ntfs \Ntfs 8A8DF1F8
Device \FileSystem\Fastfat \Fat 8A53D470
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Over and out!