Tanks again!
Here are the three reprts.
Report from SDFix:
SDFix: Version 1.240 Run by Ole on 01.04.2009 at 22:28
Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-01 23:33:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Ole\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programfiler\\TwonkyMedia\\TwonkyMediaServer.exe"="C:\\Programfiler\\TwonkyMedia\\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer"
"C:\\Programfiler\\TwonkyMedia\\TwonkyMedia.exe"="C:\\Programfiler\\TwonkyMedia\\TwonkyMedia.exe:*:Enabled:TwonkyMedia"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\Vuze\\Azureus.exe"="C:\\Programfiler\\Vuze\\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
Files with Hidden Attributes :
Mon 29 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 29 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2e8effaf51a5e3f2935340df457a3850\download\BIT71.tmp"
Mon 29 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afe29f6f3378d97f6e679a9615219190\download\BIT6F.tmp"
Mon 29 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\db4b6b0325ccaeb6b88773855e009fac\download\BIT72.tmp"
Finished!Log from random:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ole at 2009-04-01 23:38:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (75%) free of 71 GB
Total RAM: 1535 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:48, on 01.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ole\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Ole.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 2703448984O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
http://support.f-secure.com/ols/fscax.cabO18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6734 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll [2009-03-18 372592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL [2009-03-18 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll [2009-03-18 372592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Adobe Reader Speed Launcher"=C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-03-09 148888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
ColorVisionStartup.lnk - C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
DMX 6fire 2496 ControlPanel.lnk - C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\TwonkyMedia\TwonkyMediaServer.exe"="C:\Programfiler\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer"
"C:\Programfiler\TwonkyMedia\TwonkyMedia.exe"="C:\Programfiler\TwonkyMedia\TwonkyMedia.exe:*:Enabled:TwonkyMedia"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Vuze\Azureus.exe"="C:\Programfiler\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b610186-e3f3-11dd-8a55-00508df3c34d}]
shell\autorun\command - J:\StartCD.exe
======List of files/folders created in the last 1 months======
2009-04-01 23:38:46 ----D---- C:\rsit
2009-04-01 22:20:21 ----D---- C:\WINDOWS\ERUNT
2009-04-01 22:19:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 21:45:21 ----D---- C:\SDFix
2009-04-01 16:41:27 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-01 16:41:27 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-01 16:41:27 ----A---- C:\WINDOWS\system32\java.exe
2009-03-31 21:05:39 ----A---- C:\WINDOWS\system32\CF17185.exe
2009-03-31 21:05:31 ----D---- C:\Qoobox
2009-03-31 15:51:57 ----D---- C:\Programfiler\Panda Security
2009-03-23 22:06:40 ----D---- C:\Documents and Settings\Ole\Programdata\GetRightToGo
2009-03-23 17:58:28 ----D---- C:\fsaua.data
2009-03-22 22:45:34 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2009-03-22 22:45:34 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2009-03-18 23:27:53 ----D---- C:\WINDOWS\system32\N360_BACKUP
2009-03-18 22:34:57 ----D---- C:\WINDOWS\pss
2009-03-18 18:45:22 ----RD---- C:\Programfiler\Norton Support
2009-03-18 18:05:39 ----D---- C:\Documents and Settings\All Users\Programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-03-18 18:05:28 ----D---- C:\Programfiler\Symantec
2009-03-18 18:05:28 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-03-18 18:05:03 ----D---- C:\Programfiler\Windows Sidebar
2009-03-18 18:05:03 ----D---- C:\Programfiler\Norton 360
2009-03-18 18:05:03 ----D---- C:\Documents and Settings\All Users\Programdata\Symantec
2009-03-18 18:03:49 ----D---- C:\Documents and Settings\All Users\Programdata\Norton
2009-03-18 18:03:46 ----D---- C:\Programfiler\NortonInstaller
2009-03-18 18:03:46 ----D---- C:\Documents and Settings\All Users\Programdata\NortonInstaller
2009-03-18 17:46:16 ----D---- C:\Programfiler\Fellesfiler\Symantec Shared
2009-03-18 17:46:13 ----D---- C:\Programfiler\Norton Security Scan
2009-03-16 23:19:22 ----D---- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2009-03-16 23:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-16 23:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-16 23:15:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-16 23:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-16 18:01:40 ----D---- C:\WINDOWS\system32\log
======List of files/folders modified in the last 1 months======
2009-04-01 23:36:59 ----D---- C:\Programfiler\Mozilla Firefox
2009-04-01 23:33:50 ----D---- C:\WINDOWS\Temp
2009-04-01 23:33:45 ----D---- C:\WINDOWS\Prefetch
2009-04-01 23:31:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-01 23:31:16 ----D---- C:\WINDOWS\system32
2009-04-01 22:26:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 22:20:21 ----D---- C:\WINDOWS
2009-04-01 22:16:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-01 22:08:20 ----RASH---- C:\boot.ini
2009-04-01 22:08:20 ----A---- C:\WINDOWS\win.ini
2009-04-01 22:08:20 ----A---- C:\WINDOWS\system.ini
2009-04-01 21:55:55 ----HD---- C:\WINDOWS\inf
2009-04-01 16:41:34 ----SHD---- C:\WINDOWS\Installer
2009-04-01 16:41:23 ----D---- C:\Programfiler\Java
2009-03-31 20:41:20 ----D---- C:\Programfiler\Vuze
2009-03-31 15:54:48 ----D---- C:\WINDOWS\system32\drivers
2009-03-31 15:51:57 ----RD---- C:\Programfiler
2009-03-30 21:36:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-30 21:32:56 ----D---- C:\Documents and Settings\Ole\Programdata\Azureus
2009-03-24 17:35:04 ----D---- C:\Programfiler\Fellesfiler
2009-03-24 14:31:50 ----D---- C:\Programfiler\Trend Micro
2009-03-24 11:33:39 ----D---- C:\Documents and Settings\All Users\Programdata\Adobe
2009-03-24 11:33:37 ----D---- C:\Programfiler\Fellesfiler\Adobe
2009-03-24 11:33:36 ----D---- C:\Programfiler\Adobe
2009-03-23 22:55:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-18 22:33:02 ----D---- C:\WINDOWS\system32\Restore
2009-03-18 22:18:37 ----SD---- C:\WINDOWS\Tasks
2009-03-18 18:16:05 ----SHD---- C:\System Volume Information
2009-03-18 18:05:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-18 18:04:37 ----D---- C:\Documents and Settings\All Users\Programdata\Trend Micro
2009-03-18 01:07:45 ----A---- C:\WINDOWS\DCEBoot.exe
2009-03-17 18:20:52 ----D---- C:\WINDOWS\system32\config
2009-03-17 18:18:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-16 23:17:08 ----D---- C:\Programfiler\Fellesfiler\Microsoft Shared
2009-03-16 23:15:29 ----A---- C:\WINDOWS\imsins.BAK
2009-03-16 17:53:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.003\IDSxpx86.sys []
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSPX.SYS []
R1 SYMTDI;Symantec Network Dispatch Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMTDI.SYS []
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-18 72704]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 catchme;catchme; \??\C:\DOCUME~1\Ole\LOKALE~1\Temp\catchme.sys []
R3 dmxfire;DMX6fire WDM Audio; C:\WINDOWS\system32\drivers\dmx6fire.sys [2003-08-29 148724]
R3 dmxsens;dmxsens; C:\WINDOWS\system32\drivers\dmxsens.sys [2003-07-22 403968]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2004-06-22 169984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 iTurns;iTurns; C:\WINDOWS\system32\DRIVERS\iTurnsDriver.sys [2008-09-16 5632]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-25 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.003\NAVEX15.SYS []
R3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SRTSP;Symantec Real Time Storage Protection; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSP.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMFW.SYS []
R3 SYMIDS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-03-18 36400]
R3 SYMNDIS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMNDIS.SYS []
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 aktivert hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 26b68cb4;26b68cb4; C:\WINDOWS\System32\drivers\26b68cb4.sys []
S3 abeovsl7;abeovsl7; C:\WINDOWS\system32\drivers\abeovsl7.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\System32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 CCDECODE;Dekoder for teksting for hørselshemmede; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cvspydr2;ColorVision Spyder 2; C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-kodek; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/video-tilkobling; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PolarUSB;Polar USB Interface; C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 17343]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 stusb2ir;USB 2.0 IrDA Bridge; C:\WINDOWS\system32\DRIVERS\stusb2ir.sys [2006-09-22 40856]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-03-18 36400]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 wimfltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 131000]
S3 WSTCODEC;World Standard Teletext-kodek; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filterdriver for systemgjenoppretting; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 N360;Norton 360; C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2009-03-18 115560]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S3 aspnet_state;Statustjeneste for ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
Info from random:
info.txt logfile of random's system information tool 1.06 2009-04-01 23:38:50
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Reader 9.1 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agfa ScanWise 2.00-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Programfiler\Agfa\ScanWise 2_00\UNINSTALL.DLL"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 12 NOR-->C:\Programfiler\Graphisoft\ArchiCAD 12\Uninstall.AC\uninstaller.exe
ArchiCAD Guide - BIM Experience-->C:\Programfiler\Graphisoft\ArchiCAD BIM Experience\Uninstall.TGB\uninstaller.exe
ATI - Avinstalleringsverktøy for Programvaren-->C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
DMX 6fire 24/96 ControlPanel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3A33D692-8679-4142-94C7-0BB784B9B3A3}\Setup.exe" -l0x9
DVDneXtCOPY iTurns 1.5.4.2-->C:\Programfiler\DVDneXtCOPY iTurns\Uninstall.exe
Exact Audio Copy 0.99pb4-->C:\Programfiler\Exact Audio Copy\uninst.exe
GEAR driver installer for x86 and x64-->MsiExec.exe /I{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IKEA Home Planner-->MsiExec.exe /I{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kritisk oppdatering for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.0-->"C:\Programfiler\MediaMonkey\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Norwegian Language Pack-->MsiExec.exe /X{3EAC35F4-FF26-4123-9404-0B5B93DAB570}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - NOR-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - NOR\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120414-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.
-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->C:\Programfiler\Mp3tag\Mp3tagUninstall.EXE
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Suite-->C:\Documents and Settings\All Users\Programdata\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_nor.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Norton 360-->C:\Programfiler\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.0.0.135\InstStub.exe /X
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{0A77B7A0-B953-4E39-B4B2-A0181AB9AB06}
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Panda ActiveScan 2.0-->C:\Programfiler\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Polar Precision Performance SW -->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B116E95E-01B1-420A-AECB-B2B330B9BD97}\setup.exe" -l0x14
Påloggingsassistent for Windows Live-->MsiExec.exe /I{B965A150-17AB-4EB1-AD98-33149DDBD928}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RAIDar 4.1.4-->C:\Programfiler\NETGEAR ReadyNAS\uninstall.exe
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Spyder2express-->C:\WINDOWS\unvise32.exe C:\Programfiler\ColorVision\Spyder2express\uninstal.log
TwonkyMedia-->C:\Programfiler\TwonkyMedia\UninstallTwonkyMedia.exe
USB 2.0 IrDA Bridge-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\setup.exe" -l0x9
VLC media player 0.9.4-->C:\Programfiler\VideoLAN\VLC\uninstall.exe
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Programfiler\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Driver Package - SafeNet, Inc. (SNTNLUSB) USB (03/09/2006 7.3.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\sntnlusb_9A62A041D7FB7541888119E83EC5EB90C7FD7B01\sntnlusb.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Media Format 11 runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows OEM Preinstallation Kit-->MsiExec.exe /I{266CCC48-9AA1-404E-A1CB-558E8CC46F69}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-driverpakke - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows-driverpakke - Nokia Modem (05/22/2008 3.
-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows-driverpakke - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Arkiverer-->C:\Programfiler\WinRAR\uninstall.exe
XRECODE-->"C:\Programfiler\XRECODE\unins000.exe"
======Hosts File======
127.0.0.1 localhost
======System event log======
Computer Name: DATAROM
Event Code: 7035
Message: Fast User Switching Compatibility-tjenesten har sendt en start-kontroll.
Record Number: 6073
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM
Computer Name: DATAROM
Event Code: 7036
Message: Tjenesten Network Location Awareness (NLA) gikk inn i tilstanden Kjører.
Record Number: 6072
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User:
Computer Name: DATAROM
Event Code: 7035
Message: Network Location Awareness (NLA)-tjenesten har sendt en start-kontroll.
Record Number: 6071
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM
Computer Name: DATAROM
Event Code: 7035
Message: Remote Access Connection Manager-tjenesten har sendt en start-kontroll.
Record Number: 6070
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM
Computer Name: DATAROM
Event Code: 7036
Message: Tjenesten Telephony gikk inn i tilstanden Kjører.
Record Number: 6069
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User:
=====Application event log=====
Computer Name: DATAROM
Event Code: 701
Message: MsnMsgr (1344) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.
Record Number: 5007
Source Name: ESENT
Time Written: 20090118040005.000000+060
Event Type: Informasjon
User:
Computer Name: DATAROM
Event Code: 700
Message: MsnMsgr (1344) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.
Record Number: 5006
Source Name: ESENT
Time Written: 20090118040005.000000+060
Event Type: Informasjon
User:
Computer Name: DATAROM
Event Code: 701
Message: MsnMsgr (1344) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.
Record Number: 5005
Source Name: ESENT
Time Written: 20090118030005.000000+060
Event Type: Informasjon
User:
Computer Name: DATAROM
Event Code: 700
Message: MsnMsgr (1344) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.
Record Number: 5004
Source Name: ESENT
Time Written: 20090118030005.000000+060
Event Type: Informasjon
User:
Computer Name: DATAROM
Event Code: 701
Message: MsnMsgr (1344) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.
Record Number: 5003
Source Name: ESENT
Time Written: 20090118020005.000000+060
Event Type: Informasjon
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programfiler\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static;C:\Programfiler\QuickTime\QTSystem\;C:\Programfiler\Windows Imaging\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Thanks again
olpet :-)