DDS log:
DDS (Ver_09-10-13.01) - NTFSx86
Run by Vegard at 14:41:37,71 on 27.10.2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.894.643 [GMT 1:00]
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
============== Running Processes ===============
C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe
C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programfiler\Norman\Npm\Bin\scheduler.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Canon\MultiPASS4\MPTBox.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programfiler\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\Norman\Nvc\Bin\Nip.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe
C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\Vegard\Skrivebord\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programfiler\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programfiler\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programfiler\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programfiler\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programfiler\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programfiler\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programfiler\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\programfiler\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\programfiler\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\programfiler\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\programfiler\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\programfiler\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SetRefresh] c:\programfiler\compaq\setrefresh\SetRefresh.exe
mRun: [MPTBox] c:\programfiler\canon\multipass4\MPTBox.exe
mRun: [Omnipage] c:\programfiler\scansoft\omnipagese\opware32.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\programfiler\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\programfiler\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\programfiler\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Symantec PIF AlertEng] "c:\programfiler\fellesfiler\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\programfiler\fellesfiler\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Norman ZANDA] "c:\programfiler\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [NPCTray] c:\programfiler\norman\npc\bin\npc_tray.exe /LOAD
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programfiler\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vegard\start-~1\progra~1\oppstart\onenot~1.lnk - c:\programfiler\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hpdigi~1.lnk - c:\programfiler\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\sonicc~1.lnk - c:\programfiler\fellesfiler\sonic shared\CineTray.exe
IE: &Windows Live Search - c:\programfiler\windows live toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programfiler\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\programfiler\norman\npc\bin\nlf.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programfiler\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\felles~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\vegard\progra~1\mozilla\firefox\profiles\nu9xbl9l.default\
FF - plugin: c:\programfiler\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programfiler\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\programfiler\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
============= SERVICES / DRIVERS ===============
P2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\norman\npf\bin\npfsvc32.exe [2009-3-28 599424]
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [2009-3-28 82072]
R1 NGS;Norman General Security Driver;c:\programfiler\norman\ngs\bin\ngs.sys [2009-3-28 25032]
R1 NPROSEC;Norman Security driver;c:\programfiler\norman\ngs\bin\nprosec.sys [2009-3-28 56136]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [2009-3-28 76944]
R2 Ndiskio;Ndiskio;c:\programfiler\norman\nse\bin\Ndiskio.sys [2009-10-15 24168]
R2 NPROSECSVC;Norman Security service;c:\programfiler\norman\ngs\bin\nprosec.exe [2009-3-28 124232]
R2 NVOY;Norman Resource Provider;c:\programfiler\norman\npm\bin\nvoy.exe [2009-3-28 128328]
R3 NPC;Norman Parental Control;c:\programfiler\norman\npc\bin\npcsvc32.exe [2009-3-28 419200]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\norman\nse\bin\Nsesvc.exe [2009-10-15 320840]
R3 NUAA;Norman User Activity Agent;c:\programfiler\norman\npc\bin\nuaa.exe [2009-3-28 124232]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\norman\npm\bin\scheduler.exe [2009-5-12 132424]
S2 gupdate1c9d313d654768e;Googles oppdateringstjeneste (gupdate1c9d313d654768e);c:\programfiler\google\update\GoogleUpdate.exe [2009-5-12 133104]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-3-28 21832]
S3 nvcoas;Norman Virus Control on-access component;c:\programfiler\norman\nvc\bin\Nvcoas.exe [2009-3-28 197960]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programfiler\norman\npm\bin\nvcsched.exe" --> c:\programfiler\norman\npm\bin\Nvcsched.exe [?]
=============== Created Last 30 ================
2009-10-26 08:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-26 07:33 77,312 a------- c:\windows\MBR.exe
2009-10-23 07:08 <DIR> a-dshr-- C:\cmdcons
2009-10-23 07:07 236,544 a------- c:\windows\PEV.exe
2009-10-23 07:07 161,792 a------- c:\windows\SWREG.exe
2009-10-23 07:07 98,816 a------- c:\windows\sed.exe
2009-10-20 07:00 <DIR> --d-h--- c:\windows\PIF
2009-10-13 13:47 25,680 a---h--- c:\windows\system32\mlfcache.dat
2009-10-13 13:34 <DIR> --d----- c:\programfiler\iPod
2009-10-13 13:34 <DIR> --d----- c:\programfiler\iTunes
2009-10-13 13:34 <DIR> --d----- c:\docume~1\alluse~1\progra~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 06:18 <DIR> --d----- c:\programfiler\Trend Micro
2009-10-11 19:15 <DIR> --d----- c:\docume~1\vegard\progra~1\Malwarebytes
2009-10-11 19:15 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 19:15 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-11 19:15 <DIR> --d----- c:\docume~1\alluse~1\progra~1\Malwarebytes
2009-10-11 19:15 <DIR> --d----- c:\programfiler\Malwarebytes' Anti-Malware
2009-10-11 18:23 <DIR> --d----- c:\programfiler\Spybot - Search & Destroy
2009-10-11 18:23 <DIR> --d----- c:\docume~1\alluse~1\progra~1\Spybot - Search & Destroy
==================== Find3M ====================
2009-10-26 08:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-26 07:34 444,344 a------- c:\windows\system32\perfh014.dat
2009-10-26 07:34 79,838 a------- c:\windows\system32\perfc014.dat
2009-10-08 11:59 21,832 a------- c:\windows\system32\drivers\nvcw32mf.sys
2009-10-07 13:22 76,944 a------- c:\windows\system32\drivers\tdi_rd.sys
2009-10-07 13:20 82,072 a------- c:\windows\system32\drivers\ndis_rd.sys
2009-10-07 13:20 44,872 a------- c:\windows\system32\drivers\ale_nf.sys
2009-10-07 13:07 214,344 a------- c:\windows\system32\nscrnsav.scr
2009-09-11 15:20 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 15:20 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 22:05 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 22:05 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 11:32 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-28 11:32 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-27 06:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 06:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 19:26 421,888 a------- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-08-26 09:02 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 09:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-13 16:25 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 22:00 2,190,976 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 18:30 2,067,840 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 18:30 2,147,328 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 18:30 2,147,328 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 18:30 2,025,984 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 18:30 2,025,984 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-08-25 17:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012008082520080826\index.dat
============= FINISH: 14:42:22,45 ===============
Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 27, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 27, 2009 06:33:03
Records in database: 3089315
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Objects scanned: 90447
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 01:59:07
File name / Threat / Threats count
C:\Documents and Settings\Administrator\Mine dokumenter\LimeWire\Incomplete\T-1010769-rise against - re-eduction.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1
C:\Documents and Settings\Administrator\Mine dokumenter\LimeWire\Incomplete\T-3515162-cob - are you dead yet.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\Mine dokumenter\LimeWire\Incomplete\T-3515164-rise against - re-eduction - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\Mine dokumenter\LimeWire\Incomplete\T-5088466-rise against - re-eduction[high quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Administrator\Mine dokumenter\LimeWire\Saved\re eduction throug labor rise.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-3465a4db-700b4c50.class Infected: Exploit.Java.ByteVerify 1
Selected area has been scanned.
Well, my computer is just getting better and better, but it's still very laggy on MMORPG games (Multi-Media-Online-Role-Playing-Game)
for example World of Warcraft... it used around 2-5 minutes to log in at worst =( It has improved now =) but it's still slow and laggy :S Haven't tried again yet then